CVE-2018-8863

Summary

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.

Affected Software

VendorProductVersion RangeStatus
PhilipsEncoreAnywhere0 <= 2.36.3.3affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

Philips has identified and put in place mitigations to reduce the risk of exploitation of this vulnerability. They continue to assess additional mitigations and a full implementation and documentation will be available by September 2018.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References