CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10780

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.8%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 4.9

References

https://access.redhat.com/security/cve/cve-2020-10780
https://bugzilla.redhat.com/show_bug.cgi?id=1847794
https://access.redhat.com/security/cve/cve-2020-10780
https://bugzilla.redhat.com/show_bug.cgi?id=1847794

Products affected by CVE-2020-10780

Redhat » Cloudforms Management Engine » Version: 4.7

cpe:2.3:a:redhat:cloudforms_management_engine:4.7
Redhat » Cloudforms Management Engine » Version: 5.0

cpe:2.3:a:redhat:cloudforms_management_engine:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10780

Products

Pricing

Contact Us