CVE-2020-36530

Summary

A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.

Affected Software

VendorProductVersion RangeStatus
SevOneNetwork Management System5.7.2.0affected
SevOneNetwork Management System5.7.2.1affected
SevOneNetwork Management System5.7.2.2affected
SevOneNetwork Management System5.7.2.3affected
SevOneNetwork Management System5.7.2.4affected
SevOneNetwork Management System5.7.2.5affected
SevOneNetwork Management System5.7.2.6affected
SevOneNetwork Management System5.7.2.7affected
SevOneNetwork Management System5.7.2.8affected
SevOneNetwork Management System5.7.2.9affected
SevOneNetwork Management System5.7.2.10affected
SevOneNetwork Management System5.7.2.11affected
SevOneNetwork Management System5.7.2.12affected
SevOneNetwork Management System5.7.2.13affected
SevOneNetwork Management System5.7.2.14affected
SevOneNetwork Management System5.7.2.15affected
SevOneNetwork Management System5.7.2.16affected
SevOneNetwork Management System5.7.2.17affected
SevOneNetwork Management System5.7.2.18affected
SevOneNetwork Management System5.7.2.19affected
SevOneNetwork Management System5.7.2.20affected
SevOneNetwork Management System5.7.2.21affected
SevOneNetwork Management System5.7.2.22affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References