CVE-2020-9347

** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products.
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.0:build10001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.0:-:*:*:*:*:*:*

Information

Published : 2020-03-16 10:15

Updated : 2022-04-18 02:29


NVD link : CVE-2020-9347

Mitre link : CVE-2020-9347

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File