PT-2018-8516 · Philips · Philips Dosewise Portal

Published

2018-04-24

Updated

2019-10-09

CVE-2017-9654

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Philips DoseWise Portal versions 1.1.7.333 and 2.1.1.3069

Description The issue concerns the storage of login credentials in clear text within backend system files. This affects the security of user authentication data.

Recommendations For version 1.1.7.333, update the software to a version that securely stores login credentials. For version 2.1.1.3069, update the software to a version that securely stores login credentials. As a temporary workaround, consider restricting access to the backend system files to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-312

Related Identifiers

CVE-2017-9654

Affected Products

Philips Dosewise Portal

PT-2018-8516 · Philips · Philips Dosewise Portal

CVE-2017-9654

Weakness Enumeration

Related Identifiers

Affected Products

References · 5