Main Vulnerability Database Vulnerabilities #VU47904

Input validation error in OnlineSuite - CVE-2020-25170

Published: October 26, 2020

Vulnerability identifier: #VU47904

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-25170

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OnlineSuite

Software vendor:
B. Braun Melsungen AG

Description

The vulnerability allows a remote administrator to compromise the target system.

The Excel Macro Injection vulnerability exists in the export feature via multiple input fields that are mishandled in an Excel export.

Install updates from vendor's website.