CVE-2020-16218

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*
cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*

History

12 Dec 2023, 21:15

Type Values Removed Values Added
References
  • () https://www.philips.com/productsecurity -
Summary Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.

Information

Published : 2020-09-11 13:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-16218

Mitre link : CVE-2020-16218

CVE.ORG link : CVE-2020-16218


JSON object : View

Products Affected

philips

  • patient_information_center_ix
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')