Input validation error in OnlineSuite - CVE-2020-25170

 

Input validation error in OnlineSuite - CVE-2020-25170

Published: October 26, 2020


Vulnerability identifier: #VU47904
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25170
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: B. Braun Melsungen AG
Affected software:
OnlineSuite

Detailed vulnerability description

The vulnerability allows a remote administrator to compromise the target system.

The Excel Macro Injection vulnerability exists in the export feature via multiple input fields that are mishandled in an Excel export.


How to mitigate CVE-2020-25170

Install updates from vendor's website.

Sources