PT-2020-12991 · Philips · Earlyvue+3

Published: 2020-06-11 · Updated: 2025-06-04 · CVE-2020-12023

CVSS v3.1: 4.5 (Medium)

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Philips IntelliBridge Enterprise (IBE) versions B.12 and prior

Description

The issue concerns the logging of unencrypted user credentials within the transaction logs of the IntelliBridge Enterprise system. These logs are secured behind a login-based administrative web portal. The credentials are sent from products like SureSigns, EarlyVue, and IntelliVue Guardian for authentication purposes and are logged in plain text. An attacker with administrative privileges could exploit this to read plain text credentials from log files.

Recommendations

For Philips IntelliBridge Enterprise (IBE) versions B.12 and prior, consider restricting access to the transaction logs to minimize the risk of exploitation. As a temporary workaround, limit the administrative privileges to only those necessary for operation, reducing the potential for an attacker to access the logs.

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2020-12023

Affected Products

Earlyvue
Intellivue Guardian
Philips Intellibridge Enterprise
Suresigns