{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Clinical Collaboration Platform", "vendor": "Philips", "versions": [{"lessThan": "12.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.</p>"}], "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T20:03:25.989Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.</p>\n<p>Philips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.</p><p>Users with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support, or regional service support</a>, or call 1-877-328-2808, option 4.</p><p>The Philips advisory and the latest security information for Philips products are available at the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a>.\n\n<br></p>"}], "value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14506.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14506.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."}], "source": {"advisory": "ICSMA-20-261-01", "discovery": "EXTERNAL"}, "title": "Philips Clinical Collaboration Platform Cross-site Request Forgery", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips Clinical Collaboration Platform", "version": {"version_data": [{"version_value": "Versions 12.2.1 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.693Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14506", "datePublished": "2020-09-18T17:46:53.000Z", "dateReserved": "2020-06-19T00:00:00.000Z", "dateUpdated": "2025-06-04T20:03:25.989Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:clinical_collaboration_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A1D5DF-AD61-4A42-8021-C0FFBCB98144", "versionEndIncluding": "12.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}, {"lang": "es", "value": "Philips Clinical Collaboration Platform, versiones 12.2.1 y anteriores.&#xa0;El producto recibe entrada o datos, pero no comprueba o comprueba incorrectamente que la entrada cuenta con las propiedades requeridas para procesar los datos de manera segura y correcta"}], "id": "CVE-2020-14506", "lastModified": "2025-06-04T20:15:21.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-18T18:15:16.583", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}