Published: 11/08/2020 Updated: 21/07/2021

CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 6.3 | Impact Score: 4.2 | Exploitability Score: 2.1

VMScore: 436

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Subscribe to Cloudforms Management Engine

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat cloudforms management engine 4.7
redhat cloudforms management engine 5.0

Synopsis Critical: CloudForms 507 bug fix and enhancement update Type/Severity Security Advisory: Critical Topic An update is now available for CloudForms Management Engine 511Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (C ...

CWE-1236 https://access.redhat.com/security/cve/cve-2020-10780 https://bugzilla.redhat.com/show_bug.cgi?id=1847794 https://access.redhat.com/errata/RHSA-2020:3358 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-10780

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect