PT-2021-11378 · Philips · Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live+1

Published: 2021-01-20 · Updated: 2025-06-04 · CVE-2020-27298

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Philips Interventional Workspot versions 1.3.2 through 1.4.5
Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live version 1.0
ViewForum version 6.3V1L10
Description: The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
Recommendations: For Philips Interventional Workspot versions 1.3.2 through 1.4.5, consider disabling the feature that constructs OS commands using externally influenced input until a patch is available. For Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live version 1.0, restrict access to the component that sends commands to downstream components to minimize the risk of exploitation. For ViewForum version 6.3V1L10, avoid using the feature that constructs OS commands using externally influenced input in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2020-27298

Affected Products

Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live
Philips Interventional Workspot