Search criteria
18 vulnerabilities found for Clinical Collaboration Platform by Philips
VAR-202506-0189
Vulnerability from variot - Updated: 2025-06-18 23:32An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. philips' Clinical Collaboration Platform Contains a command injection vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"cve": "CVE-2025-27954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-27954",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-006993",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-27954",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-006993",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. philips\u0027 Clinical Collaboration Platform Contains a command injection vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-27954"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-27954",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006993",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"id": "VAR-202506-0189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2025-06-18T23:32:00.991000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/intruderlabs/cvex/tree/main/carestream/session-token-in-url"
},
{
"trust": 1.8,
"url": "https://portswigger.net/kb/issues/00500700_session-token-in-url"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-27954"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"date": "2025-06-02T18:15:24.030000",
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T07:32:00",
"db": "JVNDB",
"id": "JVNDB-2025-006993"
},
{
"date": "2025-06-13T17:53:04.447000",
"db": "NVD",
"id": "CVE-2025-27954"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "philips\u0027 \u00a0Clinical\u00a0Collaboration\u00a0Platform\u00a0 Command injection vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006993"
}
],
"trust": 0.8
}
}
VAR-202506-0133
Vulnerability from variot - Updated: 2025-06-18 23:29An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. philips' Clinical Collaboration Platform Contains a command injection vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"cve": "CVE-2025-27953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-27953",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-006921",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-27953",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-006921",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. philips\u0027 Clinical Collaboration Platform Contains a command injection vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-27953"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-27953",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-006921",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"id": "VAR-202506-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2025-06-18T23:29:01.375000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/intruderlabs/cvex/tree/main/carestream/session-token-in-url"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-27953"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"date": "2025-06-02T18:15:23.903000",
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T01:11:00",
"db": "JVNDB",
"id": "JVNDB-2025-006921"
},
{
"date": "2025-06-13T17:52:01.717000",
"db": "NVD",
"id": "CVE-2025-27953"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "philips\u0027 \u00a0Clinical\u00a0Collaboration\u00a0Platform\u00a0 Command injection vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-006921"
}
],
"trust": 0.8
}
}
VAR-202506-0101
Vulnerability from variot - Updated: 2025-06-18 23:25Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. philips' Clinical Collaboration Platform contains a vulnerability related to the restriction of security token allocation.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": "12.2.1.5"
},
{
"model": "clinical collaboration platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a3\u30ea\u30c3\u30d7\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"cve": "CVE-2025-27955",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2025-27955",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-007007",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-27955",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-007007",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. philips\u0027 Clinical Collaboration Platform contains a vulnerability related to the restriction of security token allocation.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-27955"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-27955",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007007",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"id": "VAR-202506-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2025-06-18T23:25:16.735000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1259",
"trust": 1.0
},
{
"problemtype": "Improper restriction of security token allocation (CWE-1259) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/intruderlabs/cvex/tree/main/carestream/session-token-in-url"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-27955"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"date": "2025-06-02T18:15:24.143000",
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-16T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2025-007007"
},
{
"date": "2025-06-13T18:00:47.623000",
"db": "NVD",
"id": "CVE-2025-27955"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "philips\u0027 \u00a0Clinical\u00a0Collaboration\u00a0Platform\u00a0 Vulnerability regarding limiting security token allocation in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007007"
}
],
"trust": 0.8
}
}
VAR-202009-0600
Vulnerability from variot - Updated: 2025-06-05 23:07Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to gain unauthorized access to resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0600",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=12.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:clinical_collaboration_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"cve": "CVE-2020-16247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-16247",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-52879",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-169306",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-16247",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2020-16247",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 2.4,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16247",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-16247",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-52879",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-169306",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to gain unauthorized access to resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16247"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16247",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSMA-20-261-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU94803567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52879",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3220",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-169306",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"id": "VAR-202009-0600",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
}
]
},
"last_update_date": "2025-06-05T23:07:39.604000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security ",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips Clinical Collaboration Platform improper access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/234883"
},
{
"title": "Philips Clinical Collaboration Platform Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129243"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.1
},
{
"problemtype": "CWE-668",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169306"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94803567"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3220/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"db": "VULHUB",
"id": "VHN-169306"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-169306"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"date": "2020-09-18T18:15:17.113000",
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52879"
},
{
"date": "2022-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-169306"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2022-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1043"
},
{
"date": "2025-06-04T22:15:24.350000",
"db": "NVD",
"id": "CVE-2020-16247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made Clinical Collaboration Platform Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1043"
}
],
"trust": 0.6
}
}
VAR-202009-0588
Vulnerability from variot - Updated: 2025-06-05 23:07When an attacker claims to have a given identity,
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=12.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:clinical_collaboration_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"cve": "CVE-2020-16198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-16198",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2020-52881",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-169252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-16198",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2020-16198",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 2.4,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16198",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-16198",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-52881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-169252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When an attacker claims to have a given identity, \n\nPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \ndoes not prove or insufficiently proves the claim is correct. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-261-01",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-16198",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94803567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52881",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-169252",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"id": "VAR-202009-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
}
]
},
"last_update_date": "2025-06-05T23:07:39.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security ",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips Clinical Collaboration Platform protection mechanism failure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/234889"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169252"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94803567"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"db": "VULHUB",
"id": "VHN-169252"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-169252"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-18T18:15:16.957000",
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52881"
},
{
"date": "2020-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-169252"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2025-06-04T22:15:23.507000",
"db": "NVD",
"id": "CVE-2020-16198"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made Clinical Collaboration Platform Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
],
"trust": 0.8
}
}
VAR-202009-0318
Vulnerability from variot - Updated: 2025-06-05 23:07Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to conduct cross-site request forgery attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=12.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:clinical_collaboration_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"cve": "CVE-2020-14506",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-14506",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-52882",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-167391",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-14506",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"id": "CVE-2020-14506",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 2.4,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14506",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-14506",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-52882",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1051",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-167391",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to conduct cross-site request forgery attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14506"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-261-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2020-14506",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU94803567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52882",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3220",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167391",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"id": "VAR-202009-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
}
]
},
"last_update_date": "2025-06-05T23:07:39.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security ",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips Clinical Collaboration Platform cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/234892"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167391"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94803567"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14506"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3220/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "VULHUB",
"id": "VHN-167391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-167391"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"date": "2020-09-18T18:15:16.583000",
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"date": "2020-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-167391"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1051"
},
{
"date": "2025-06-04T20:15:21.540000",
"db": "NVD",
"id": "CVE-2020-14506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Clinical Collaboration Platform cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52882"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1051"
}
],
"trust": 0.6
}
}
VAR-202009-0306
Vulnerability from variot - Updated: 2025-06-05 23:07Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "12.2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:clinical_collaboration_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"cve": "CVE-2020-14525",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2020-14525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-167412",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2020-14525",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 2.4,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14525",
"trust": 1.0,
"value": "LOW"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-14525",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-167412",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14525"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "VULHUB",
"id": "VHN-167412"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14525",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-20-261-01",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU94803567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764",
"trust": 0.8
},
{
"db": "VULHUB",
"id": "VHN-167412",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"id": "VAR-202009-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-167412"
}
],
"trust": 0.7999999999999999
},
"last_update_date": "2025-06-05T23:07:39.522000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security ",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-83",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94803567"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-167412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-167412"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-18T18:15:16.690000",
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-167412"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2025-06-04T22:15:23.333000",
"db": "NVD",
"id": "CVE-2020-14525"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made Clinical Collaboration Platform Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
],
"trust": 0.8
}
}
VAR-202009-0589
Vulnerability from variot - Updated: 2025-06-05 23:07Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to exhaust available resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "12.2.1"
},
{
"model": "clinical collaboration platform",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=12.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:clinical_collaboration_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"cve": "CVE-2020-16200",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-16200",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-52880",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-169255",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-16200",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "Low",
"baseScore": 5.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008764",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 2.4,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-008764",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16200",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-16200",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-52880",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-169255",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\ndoes not properly control the allocation and maintenance of a limited \nresource, thereby enabling an attacker to influence the amount of \nresources consumed, eventually leading to the exhaustion of available \nresources. Clinical Collaboration Platform Is Philips This is a medical image information system provided by the company. Clinical Collaboration Platform Is vulnerable to several vulnerabilities: * Cross-site request forgery (CWE-352) - CVE-2020-14506 *Web Improperly invalidating scripts in page tag attributes (CWE-83) - CVE-2020-14525 * Malfunction of protection mechanism (CWE-693) - CVE-2020-16198 * Algorithm downgrade (CWE-757) - CVE-2020-16200 * Environmental setting (CWE-16) - CVE-2020-16247The expected impact depends on each vulnerability, but it may be affected as follows. * When a user who logs in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2020-14506 * Arbitrary script is executed by the user who logged in to the product - CVE-2020-14525 * Authentication is bypassed and unauthorized access is made by an adjacent third party - CVE-2020-16198 * Adjacent third parties cause resource exhaustion and disrupt service operations (DoS) Be in a state - CVE-2020-16200 * Unauthorized access to sensitive information by a third party - CVE-2020-16247. Attackers can use this vulnerability to exhaust available resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16200"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-261-01",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-16200",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94803567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52880",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-169255",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"id": "VAR-202009-0589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
}
]
},
"last_update_date": "2025-06-05T23:07:39.495000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Security ",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips Clinical Collaboration Platform algorithm downgrade vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/234886"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-757",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169255"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16200"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14506"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14525"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16198"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94803567"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"db": "VULHUB",
"id": "VHN-169255"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-169255"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2020-09-18T18:15:17.037000",
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52880"
},
{
"date": "2020-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-169255"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008764"
},
{
"date": "2025-06-04T22:15:23.680000",
"db": "NVD",
"id": "CVE-2020-16200"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made Clinical Collaboration Platform Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008764"
}
],
"trust": 0.8
}
}
CVE-2020-16247 (GCVE-0-2020-16247)
Vulnerability from nvd – Published: 2020-09-18 17:55 – Updated: 2025-06-04 21:24
VLAI?
Title
Philips Clinical Collaboration Platform Configuration
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Severity ?
6.8 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:24:46.327Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\nPhilips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.\n\n\n\n\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16247",
"datePublished": "2020-09-18T17:55:24",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:24:46.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16200 (GCVE-0-2020-16200)
Vulnerability from nvd – Published: 2020-09-18 17:53 – Updated: 2025-06-04 21:21
VLAI?
Title
Philips Clinical Collaboration Platform Algorithm Downgrade
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not properly control the allocation and maintenance of a limited
resource, thereby enabling an attacker to influence the amount of
resources consumed, eventually leading to the exhaustion of available
resources.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\ndoes not properly control the allocation and maintenance of a limited \nresource, thereby enabling an attacker to influence the amount of \nresources consumed, eventually leading to the exhaustion of available \nresources.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\ndoes not properly control the allocation and maintenance of a limited \nresource, thereby enabling an attacker to influence the amount of \nresources consumed, eventually leading to the exhaustion of available \nresources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:21:08.344Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003ePhilips \nrequires manual intervention to remediate CVE-2020-16200.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips \nrequires manual intervention to remediate CVE-2020-16200.\n\n\n\n\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Algorithm Downgrade",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16200",
"datePublished": "2020-09-18T17:53:23",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:21:08.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16198 (GCVE-0-2020-16198)
Vulnerability from nvd – Published: 2020-09-18 17:50 – Updated: 2025-06-04 21:17
VLAI?
Title
Philips Clinical Collaboration Platform Protection Mechanism Failure
Summary
When an attacker claims to have a given identity,
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not prove or insufficiently proves the claim is correct.
Severity ?
5 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nWhen an attacker claims to have a given identity, \n\nPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \ndoes not prove or insufficiently proves the claim is correct.\n\n\u003c/p\u003e"
}
],
"value": "When an attacker claims to have a given identity, \n\nPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \ndoes not prove or insufficiently proves the claim is correct."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:17:52.555Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-16198.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-16198.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Protection Mechanism Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16198",
"datePublished": "2020-09-18T17:50:08",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:17:52.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14525 (GCVE-0-2020-14525)
Vulnerability from nvd – Published: 2020-09-18 17:48 – Updated: 2025-06-04 21:12
VLAI?
Title
Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input
before it is placed in output used as a webpage that is served to other
users.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-83",
"description": "CWE-83",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:12:52.643Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.\u003c/p\u003e\n\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14525",
"datePublished": "2020-09-18T17:48:30",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:12:52.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14506 (GCVE-0-2020-14506)
Vulnerability from nvd – Published: 2020-09-18 17:46 – Updated: 2025-06-04 20:03
VLAI?
Title
Philips Clinical Collaboration Platform Cross-site Request Forgery
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:03:25.989Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.\u003c/p\u003e\n\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Cross-site Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14506",
"datePublished": "2020-09-18T17:46:53",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T20:03:25.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16247 (GCVE-0-2020-16247)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:55 – Updated: 2025-06-04 21:24
VLAI?
Title
Philips Clinical Collaboration Platform Configuration
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Severity ?
6.8 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\n\nexposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:24:46.327Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\nPhilips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform Version 12.2.5 was released in May 2020 to remediate CVE-2020-16247.\n\n\n\n\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16247",
"datePublished": "2020-09-18T17:55:24",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:24:46.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16200 (GCVE-0-2020-16200)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:53 – Updated: 2025-06-04 21:21
VLAI?
Title
Philips Clinical Collaboration Platform Algorithm Downgrade
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not properly control the allocation and maintenance of a limited
resource, thereby enabling an attacker to influence the amount of
resources consumed, eventually leading to the exhaustion of available
resources.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\ndoes not properly control the allocation and maintenance of a limited \nresource, thereby enabling an attacker to influence the amount of \nresources consumed, eventually leading to the exhaustion of available \nresources.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, \n\ndoes not properly control the allocation and maintenance of a limited \nresource, thereby enabling an attacker to influence the amount of \nresources consumed, eventually leading to the exhaustion of available \nresources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:21:08.344Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003ePhilips \nrequires manual intervention to remediate CVE-2020-16200.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips \nrequires manual intervention to remediate CVE-2020-16200.\n\n\n\n\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Algorithm Downgrade",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16200",
"datePublished": "2020-09-18T17:53:23",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:21:08.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16198 (GCVE-0-2020-16198)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:50 – Updated: 2025-06-04 21:17
VLAI?
Title
Philips Clinical Collaboration Platform Protection Mechanism Failure
Summary
When an attacker claims to have a given identity,
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not prove or insufficiently proves the claim is correct.
Severity ?
5 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nWhen an attacker claims to have a given identity, \n\nPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \ndoes not prove or insufficiently proves the claim is correct.\n\n\u003c/p\u003e"
}
],
"value": "When an attacker claims to have a given identity, \n\nPhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, \ndoes not prove or insufficiently proves the claim is correct."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:17:52.555Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-16198.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-16198.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Protection Mechanism Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16198",
"datePublished": "2020-09-18T17:50:08",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2025-06-04T21:17:52.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14525 (GCVE-0-2020-14525)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:48 – Updated: 2025-06-04 21:12
VLAI?
Title
Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input
before it is placed in output used as a webpage that is served to other
users.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers.\n\n\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-83",
"description": "CWE-83",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:12:52.643Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.\u003c/p\u003e\n\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14525",
"datePublished": "2020-09-18T17:48:30",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:12:52.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14506 (GCVE-0-2020-14506)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:46 – Updated: 2025-06-04 20:03
VLAI?
Title
Philips Clinical Collaboration Platform Cross-site Request Forgery
Summary
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | Clinical Collaboration Platform |
Affected:
0 , < 12.2.1
(custom)
|
Credits
Northridge Hospital Medical Center reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clinical Collaboration Platform",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.\u003c/p\u003e"
}
],
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:03:25.989Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.\u003c/p\u003e\n\u003cp\u003ePhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support, or regional service support\u003c/a\u003e, or call 1-877-328-2808, option 4.\u003c/p\u003e\u003cp\u003eThe Philips advisory and the latest security information for Philips products are available at the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."
}
],
"source": {
"advisory": "ICSMA-20-261-01",
"discovery": "EXTERNAL"
},
"title": "Philips Clinical Collaboration Platform Cross-site Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Clinical Collaboration Platform",
"version": {
"version_data": [
{
"version_value": "Versions 12.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14506",
"datePublished": "2020-09-18T17:46:53",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T20:03:25.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}