Inclusion of Sensitive Information in Log Files in IntelliBridge Enterprise (IBE) - CVE-2020-12023

 

Inclusion of Sensitive Information in Log Files in IntelliBridge Enterprise (IBE) - CVE-2020-12023

Published: June 12, 2020


Vulnerability identifier: #VU28992
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-12023
CWE-ID: CWE-532
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Philips
Affected software:
IntelliBridge Enterprise (IBE)

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. An administrator on the local network can read plain text credentials from log files.

This vulnerability affects the following Workflows:

IntelliBridge Enterprise system integration with,

  • SureSigns (VS4)
  • EarlyVue (VS30)
  • IntelliVue Guardian (IGS)  


How to mitigate CVE-2020-12023

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources