CVE-2018-8852

Summary

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.

Affected Software

VendorProductVersion RangeStatus
Philipse-Alert Unit (non-medical device)R2.1 and prioraffected

Weaknesses

  • CWE-384: SESSION FIXATION CWE-384

ADP Enrichment

CVE Program Container

Additional References

References