CVE-2020-9205: Input Validation
First published: Sat Feb 06 2021(Updated: )
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei ManageOne | =8.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-9205.
What is the affected software?
The affected software is Huawei ManageOne 8.0.1.
What is the severity of CVE-2020-9205?
The severity of CVE-2020-9205 is medium.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-20 and CWE-1236.
How can an attacker exploit this vulnerability?
An attacker with common privilege can exploit this vulnerability through some operations to inject CSV files.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/author
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei manageone
- version/huawei manageone/8.0.1