Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Analysis
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Technical ContextAI
Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells.
RemediationAI
Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, prov
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execut
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and mainten
When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, do
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Rated medium severity (CVSS 4.3), this vulnerability
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-
Same weakness CWE-77 – Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16680