CVE-2020-14506

Philips Clinical Collaboration Platform Cross-site Request Forgery

CVSS 3.4 LOWEPSS 0.3%CWE-352

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Sep 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Affected products

Philips · Clinical Collaboration Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive