CVE-2020-16214

Name of the Vulnerable Software and Affected Versions Patient Information Center iX (PICiX) versions B.02, C.02, C.03

Description The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.

Recommendations For versions B.02, C.02, C.03, consider disabling the feature that saves user-provided information into CSV files until a patch is available. Restrict access to the CSV files generated by the software to minimize the risk of exploitation. Avoid opening CSV files generated by the software in spreadsheet software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.