CVE-2020-9347
Published Mar 16, 2020
Last updated 3 months ago
Overview
- Description
- Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-1236
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C9B2448-E35C-4198-A389-11F46D98907C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.0:build10001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "422EF4FC-F29E-4166-9EA0-C34BA3F160B6"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E6B99B8-4B22-40D6-8E9B-7E51C4E0BC03"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8DAC87D-4501-47B9-A3EE-7AC28646377B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83A397DA-91F0-42E9-8066-DBC2A02C680A"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4DA1517-9C49-4E46-9BE4-7B6A9B9CA71D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D56A0C6E-8865-409D-A7F3-600A466CB7F4"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92DCA776-14CD-4258-8804-1C531966F8FB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BB8CEB-43AE-43FC-80E9-1FD5D518C822"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5DBA962-E485-47FB-8C06-B74B28417E87"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E34CD968-6820-4D24-A792-F272E4A582BE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "310987F7-216C-47DC-9AEA-F383D31B2F8C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBE9858E-817C-4E40-B880-4B466272FD87"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B94A45F-595F-4F2A-83C9-501DDFDF1DC3"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA1DD26C-22D3-45F4-B877-605B56379A0B"
}
],
"operator": "OR"
}
]
}
]