{"api_version":"1","generated_at":"2026-04-22T22:03:32+00:00","cve":"CVE-2020-14506","urls":{"html":"https://cve.report/CVE-2020-14506","api":"https://cve.report/api/cve/CVE-2020-14506.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14506","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14506"},"summary":{"title":"CVE-2020-14506","description":"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-09-18 18:15:00","updated_at":"2020-09-25 18:18:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01","name":"https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Philips Clinical Collaboration Platform | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14506","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14506","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14506","vulnerable":"1","versionEndIncluding":"12.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"clinical_collaboration_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14506","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Philips Clinical Collaboration Platform","version":{"version_data":[{"version_value":"Versions 12.2.1 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01","url":"https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"}]},"description":{"description_data":[{"lang":"eng","value":"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly."}]}},"nvd":{"publishedDate":"2020-09-18 18:15:00","lastModifiedDate":"2020-09-25 18:18:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:clinical_collaboration_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"12.2.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14506","Ordinal":"175883","Title":"CVE-2020-14506","CVE":"CVE-2020-14506","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14506","Ordinal":"1","NoteData":"Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14506","Ordinal":"2","NoteData":"2020-09-18","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14506","Ordinal":"3","NoteData":"2020-09-18","Type":"Other","Title":"Modified"}]}}}