CVE-2018-8863
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | EncoreAnywhere | 0 <= 2.36.3.3 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Workarounds
Philips has identified and put in place mitigations to reduce the risk of exploitation of this vulnerability. They continue to assess additional mitigations and a full implementation and documentation will be available by September 2018.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.