exploitDog

CVE-2020-9205

Опубликовано: 06 фев. 2021

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00127

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-c52j-mfvx-x96x

github

больше 3 лет назад

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

EPSS

Процентиль: 32%

0.00127

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1236