How severe is CVE-2020-9347?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2020-9347?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2020-9347

CRITICAL Year: 2020

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-1236

View all →

Vulnerability Description

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products

CVE-2018-11652

CRITICAL

CVSS:9.8(Critical)

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV re...

CWE-12362018

CVE-2018-20752

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a us...

CWE-12362018

CVE-2018-8092

CRITICAL

CVSS:9.8(Critical)

Mautic before 2.13.0 allows CSV injection.

CWE-12362018

CVE-2019-0403

CRITICAL

CVSS:9.8(Critical)

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

CWE-12362019