Philips EncoreAnywhere Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8863

7.5HIGH

Key Information:

Vendor: Philips
Status: Encoreanywhere
Vendor: CVE Published:; 9 November 2023

Summary

The vulnerability in Philips EncoreAnywhere involves the HTTP header, which may inadvertently leak sensitive data. This exposure can potentially allow an attacker to access confidential information. Organizations using this product should evaluate their security measures and ensure that appropriate safeguards are implemented to mitigate the risks associated with this type of vulnerability.

Affected Version(s)

EncoreAnywhere 0 <= 2.36.3.3

References

https://www.cisa.gov/news-events/ics-advisories/icsma-18-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Mar 20, 2018

Credit

Philips reported this vulnerability