{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Clinical Collaboration Platform", "vendor": "Philips", "versions": [{"lessThan": "12.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Northridge Hospital Medical Center reported these vulnerabilities to Philips."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers.\n\n</p>"}], "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-83", "description": "CWE-83", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T21:12:52.643Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.</p>\n<p>Philips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.</p><p>Users with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support, or regional service support</a>, or call 1-877-328-2808, option 4.</p><p>The Philips advisory and the latest security information for Philips products are available at the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a>.\n\n<br></p>"}], "value": "Philips released the Clinical Collaboration Platform patch 12.2.1.5 \nin June 2020 for web portals to remediate CVE-2020-14525.\n\n\nPhilips Clinical Collaboration Platform Version 12.2.5 was released \nin May 2020 to remediate CVE-2020-14525.\n\nUsers with questions regarding their specific Philips Clinical \nCollaboration Platform installations and new release eligibility should \ncontact Philips service support, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-877-328-2808, option 4.\n\nThe Philips advisory and the latest security information for Philips products are available at the Philips product security website https://www.philips.com/productsecurity ."}], "source": {"advisory": "ICSMA-20-261-01", "discovery": "EXTERNAL"}, "title": "Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips Clinical Collaboration Platform", "version": {"version_data": [{"version_value": "Versions 12.2.1 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.796Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14525", "datePublished": "2020-09-18T17:48:30", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2025-06-04T21:12:52.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:clinical_collaboration_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A1D5DF-AD61-4A42-8021-C0FFBCB98144", "versionEndIncluding": "12.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input \nbefore it is placed in output used as a webpage that is served to other \nusers."}, {"lang": "es", "value": "Philips Clinical Collaboration Platform, versiones 12.2.1 y anteriores.&#xa0;El software no neutraliza o neutraliza incorrectamente una entrada controlada por el usuario antes de que sea colocada en la salida usada como una p\u00e1gina web que es servida a otros usuarios"}], "id": "CVE-2020-14525", "lastModified": "2025-06-04T22:15:23.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-18T18:15:16.690", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-83"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}