CSV Excel Macro Injection Vulnerability in Zoho ManageEngine Password Manager Pro
CVE-2020-9347

9.8CRITICAL

Key Information:

Vendor: Zohocorp
Status: Manageengine Password Manager Pro
Vendor: CVE Published:; 16 March 2020

What is CVE-2020-9347?

Zoho ManageEngine Password Manager Pro versions up to 10.x contains a vulnerability that allows an attacker to exploit the Export Passwords feature through a specially crafted name. This vulnerability can lead to malicious Excel macros being executed, potentially compromising sensitive password data. Although the vendor awaits external application measures for CSV risk mitigation, users should remain vigilant and implement alternative security practices to safeguard their data.

References

https://www.infigo.hr/upload/web_struktura/Zoho_ManageEng...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2020
Vulnerability Reserved
Feb 23, 2020

Zohocorp

What is CVE-2020-9347?

References

CVSS V3.1

Timeline