Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2020-9347 | First vendor Publication | 2020-03-16 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9347 |
CPE : Common Platform Enumeration
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:49:03 |
|
| 2024-08-04 17:27:52 |
|
| 2024-05-17 09:28:26 |
|
| 2024-05-14 21:28:12 |
|
| 2024-04-11 09:28:28 |
|
| 2024-03-21 09:28:30 |
|
| 2023-11-07 21:37:48 |
|
| 2022-04-18 21:23:14 |
|
| 2021-08-05 01:40:58 |
|
| 2021-07-21 17:24:20 |
|
| 2021-05-04 14:05:24 |
|
| 2021-04-22 03:10:39 |
|
| 2020-05-23 02:41:04 |
|
