CVE-2020-9347
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products
** EN DISPUTA ** Zoho ManageEngine Password Manager Pro hasta la versión de 10.x tiene una vulnerabilidad de inyección de macro en Excel CSV a través de un nombre especialmente diseñado que es mal manejado por la función Exportar contraseñas. NOTA: el proveedor cuestiona la importancia de este informe porque espera que una aplicación externa proporcione la mitigación del riesgo de CSV y no planea agregar restricciones de CSV a sus propios productos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-23 CVE Reserved
- 2020-03-16 CVE Published
- 2024-07-28 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.infigo.hr/upload/web_struktura/Zoho_ManageEngine_Password_Manager_Pro_10.x_CSV_Excel_Macro_Injection.txt | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.0" | - |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.0" | build10001 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10100 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10101 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10102 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10103 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10104 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.2" | build10200 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10300 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10301 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10302 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | - |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10400 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10401 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10402 |
Affected
|