CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3426 – Use of default hardcoded credentials
https://notcve.org/view.php?id=CVE-2025-3426
07 Apr 2025 — We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Utilizing this flaw, the attacker... • https://www.cve.org/CVERecord?id=CVE-2025-3426 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3425 – Unauthenticated Remote Code Execution via .NET Deserialization
https://notcve.org/view.php?id=CVE-2025-3425
07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3424 – 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel
https://notcve.org/view.php?id=CVE-2025-3424
07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. The IntelliSpace portal application utilizes .NET Remoting for i... • https://www.cve.org/CVERecord?id=CVE-2025-3424 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2018-5454
https://notcve.org/view.php?id=CVE-2018-5454
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad por la que se habilitan métodos de depuración de código. Esto podría permitir que un atacante ejecute código arbitrario de forma remota durante el tiempo de ejecución. • http://www.securityfocus.com/bid/103182 • CWE-489: Active Debug Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5458
https://notcve.org/view.php?id=CVE-2018-5458
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad al emplear cifrado SSL heredado que podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5462
https://notcve.org/view.php?id=CVE-2018-5462
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado de nombre de host incorrecto. Esto podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5464
https://notcve.org/view.php?id=CVE-2018-5464
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado SSL inseguro. Esto podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5466
https://notcve.org/view.php?id=CVE-2018-5466
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado SSL autofirmado. Esto podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-5468
https://notcve.org/view.php?id=CVE-2018-5468
26 Mar 2018 — Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code Philips IntelliSpace Portal, en todas las versiones 7.0.x y 8.0.x, contiene una vulnerabilidad de acceso remoto al escritorio que podría permitir a un atacante obtener acceso no autorizado y, en algunos casos, escalar su nivel de privilegios o ejecutar código arbitrario. • http://www.securityfocus.com/bid/103182 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5470
https://notcve.org/view.php?id=CVE-2018-5470
26 Mar 2018 — Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, se ha identificado una vulnerabilidad de elemento o ruta de búsqueda no entrecomillados. Esto podría permitir a un usuario local autorizado ejecutar código arbitrario y escalar su nivel de privileg... • http://www.securityfocus.com/bid/103182 • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •