Vulnerability Details : CVE-2020-36531
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.
Vulnerability category: Gain privilege
Products affected by CVE-2020-36531
- IBM » Sevone Network Performance Management
  Versions from, including, (>=) 5.7.2.0 and up to, including, (<=) 5.7.2.22
  cpe:2.3:a:ibm:sevone_network_performance_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36531
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 42 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36531
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 | VulDB | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2020-36531
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
  Assigned by: cna@vuldb.com (Secondary)
- The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36531
- https://vuldb.com/?id.162263
  CVE-2020-36531 | SevOne Network Management System Device Manager Page injection
  Third Party Advisory; VDB Entry
- http://seclists.org/fulldisclosure/2020/Oct/5
  Full Disclosure: SEC Consult SA-20201002-0 :: Multiple Vulnerabilities in SevOne Network Management System (NMS)
  Mailing List; Third Party Advisory