CVE-2018-8852

CVE-2018-8852

Vendor Philips
Product e-Alert Unit (non-medical device)
Weakness CWE-384 · Session fixation
Published September 26, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.

Key dates

02Disclosure timeline

September 26, 2018 CVE published
September 16, 2024 Record updated