Lucene search
PRIOn knowledge basePRION:CVE-2020-10780HistoryAug 11, 2020 - 2:15 p.m.
Input validation
2020-08-1114:15:00
PRIOn knowledge base
www.prio-n.com
4
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloudforms_management_engine | eq | 5.0 | |
| cloudforms_management_engine | eq | 4.7 |
Related
redhatcve
redhatcve
CVE-2020-10780
2020-08-03 14:15:40
cve
cve
CVE-2020-10780
2020-08-11 14:15:11
nvd
nvd
CVE-2020-10780
2020-08-11 14:15:11
veracode
veracode
CSV Injection
2020-08-07 02:30:41
cvelist
cvelist
CVE-2020-10780
2020-08-11 13:32:24
nessus
nessus
RHEL 8 : CloudForms 5.0.7 update (Critical) (RHSA-2020:3358)
2020-08-06 00:00:00
redhat
redhat
(RHSA-2020:3358) Critical: CloudForms 5.0.7 bug fix and enhancement update
2020-08-06 14:27:00