Details of VAR-202006-0320

ID

VAR-202006-0320

CVE

CVE-2020-12023

TITLE

Philips Made IntelliBridge Enterprise (IBE) Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005436

DESCRIPTION

Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files. Philips Made IntelliBridge Enterprise (IBE) Exists in a vulnerability related to information leakage from log files. Philips IntelliBridge Enterprise (IBE) is a solution from Philips of the Netherlands that provides a single point of contact between EHR (electronic health records) and Philips clinical solutions

Trust: 1.71

sources: NVD: CVE-2020-12023 // JVNDB: JVNDB-2020-005436 // VULHUB: VHN-164660

AFFECTED PRODUCTS

vendor:	philips	model:	intellibridge enterprise	scope:	lte	version:	b.12	Trust: 1.0
vendor:	philips	model:	intellibridge enterprise	scope:	eq	version:	(ibe) versions b.12	Trust: 0.8

sources: JVNDB: JVNDB-2020-005436 // NVD: CVE-2020-12023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12023
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2020-005436
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202006-919
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164660
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-12023
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-164660
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12023
baseSeverity:	MEDIUM
baseScore:	4.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-005436
baseSeverity:	LOW
baseScore:	2.0
vectorString:	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164660 // JVNDB: JVNDB-2020-005436 // CNNVD: CNNVD-202006-919 // NVD: CVE-2020-12023

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-164660 // JVNDB: JVNDB-2020-005436 // NVD: CVE-2020-12023

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-919

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202006-919

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005436

PATCH

title:

Security Advisories

url:

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

sources: JVNDB: JVNDB-2020-005436

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12023	Trust: 2.5
db:	ICS CERT	id:	ICSMA-20-163-01	Trust: 2.5
db:	JVN	id:	JVNVU95105247	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005436	Trust: 0.8
db:	NSFOCUS	id:	47333	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2063	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-919	Trust: 0.6
db:	CNVD	id:	CNVD-2020-51565	Trust: 0.1
db:	VULHUB	id:	VHN-164660	Trust: 0.1

sources: VULHUB: VHN-164660 // JVNDB: JVNDB-2020-005436 // CNNVD: CNNVD-202006-919 // NVD: CVE-2020-12023

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-20-163-01	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12023	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu95105247/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2063/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47333	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12023	Trust: 0.6

sources: VULHUB: VHN-164660 // JVNDB: JVNDB-2020-005436 // CNNVD: CNNVD-202006-919 // NVD: CVE-2020-12023

SOURCES

db:	VULHUB	id:	VHN-164660
db:	JVNDB	id:	JVNDB-2020-005436
db:	CNNVD	id:	CNNVD-202006-919
db:	NVD	id:	CVE-2020-12023

LAST UPDATE DATE

2024-11-23T22:29:36.893000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164660	date:	2020-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-005436	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202006-919	date:	2020-07-30T00:00:00
db:	NVD	id:	CVE-2020-12023	date:	2024-11-21T04:59:08.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164660	date:	2020-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-005436	date:	2020-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202006-919	date:	2020-06-11T00:00:00
db:	NVD	id:	CVE-2020-12023	date:	2020-06-11T20:15:10.960