// For flags

CVE-2020-9347

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products

** EN DISPUTA ** Zoho ManageEngine Password Manager Pro hasta la versión de 10.x tiene una vulnerabilidad de inyección de macro en Excel CSV a través de un nombre especialmente diseñado que es mal manejado por la función Exportar contraseñas. NOTA: el proveedor cuestiona la importancia de este informe porque espera que una aplicación externa proporcione la mitigación del riesgo de CSV y no planea agregar restricciones de CSV a sus propios productos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-02-23 CVE Reserved
  • 2020-03-16 CVE Published
  • 2024-07-28 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.0"
-
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.0"
build10001
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10100
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10101
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10102
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10103
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10104
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.2
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.2"
build10200
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10300
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10301
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10302
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
-
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10400
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10401
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10402
Affected