CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9347

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products

Exploit prediction scoring system (EPSS) score

EPSS Score 0.245

EPSS Ranking 95.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-9347

Zohocorp » Manageengine Password Manager Pro » Version: 10.0

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.0
Zohocorp » Manageengine Password Manager Pro » Version: 10.1

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1
Zohocorp » Manageengine Password Manager Pro » Version: 10.2

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2
Zohocorp » Manageengine Password Manager Pro » Version: 10.3

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3
Zohocorp » Manageengine Password Manager Pro » Version: 10.4

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9347

Products

Pricing

Contact Us