Input validation error in OnlineSuite - CVE-2020-25170
Published: October 26, 2020
Vulnerability identifier: #VU47904
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25170
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: B. Braun Melsungen AG
Affected software:
OnlineSuite
OnlineSuite
Detailed vulnerability description
The vulnerability allows a remote administrator to compromise the target system.
The Excel Macro Injection vulnerability exists in the export feature via multiple input fields that are mishandled in an Excel export.
How to mitigate CVE-2020-25170
Install updates from vendor's website.