CVE-2025-2229
- EPSS 0.02%
- Published 13.03.2025 19:15:52
- Last modified 13.03.2025 19:15:52
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
CVE-2025-2230
- EPSS 0.04%
- Published 13.03.2025 19:15:52
- Last modified 13.03.2025 19:15:52
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
CVE-2018-14787
- EPSS 0.06%
- Published 22.08.2018 18:29:00
- Last modified 21.11.2024 03:49:47
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permission...
CVE-2018-14789
- EPSS 0.09%
- Published 22.08.2018 18:29:00
- Last modified 21.11.2024 03:49:47
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and esca...
CVE-2018-5438
- EPSS 0.33%
- Published 20.03.2018 17:29:00
- Last modified 21.11.2024 04:08:48
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medic...
CVE-2017-14111
- EPSS 1.61%
- Published 17.11.2017 20:29:00
- Last modified 20.04.2025 01:37:25
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the applicati...