CSV Injection Vulnerability in ManageOne by Huawei
CVE-2020-9205
4.9MEDIUM
Summary
A CSV injection vulnerability exists in ManageOne version 8.0.1, which allows an attacker with common privileges to exploit the system by injecting malicious CSV content. This vulnerability arises from insufficient input validation of certain parameters, enabling attackers to manipulate CSV files that can adversely affect the security and integrity of user data on the target device.
Affected Version(s)
ManageOne 8.0.1
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved