#VU46648 Improper Authentication in Patient Information Center iX and PerformanceBridge Focal Point - CVE-2020-16222
Published: September 11, 2020
Vulnerability identifier: #VU46648
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-16222
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Patient Information Center iX
PerformanceBridge Focal Point
Patient Information Center iX
PerformanceBridge Focal Point
Software vendor:
Philips
Philips
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.