Search criteria
6 vulnerabilities found for Network Management System by SevOne
CVE-2020-36531 (GCVE-0-2020-36531)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Device Manager Page injection
Summary
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162263 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:30.191392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:06.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:41.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "SevOne Network Management System Device Manager Page injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36531",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Device Manager Page injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162263",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36531",
"datePublished": "2022-06-03T19:10:41.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:06.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36530 (GCVE-0-2020-36530)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Alert Summary sql injection
Summary
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162262 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36530",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:06.253430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:15.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:39.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "SevOne Network Management System Alert Summary sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36530",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Alert Summary sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162262",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36530",
"datePublished": "2022-06-03T19:10:39.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:15.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36529 (GCVE-0-2020-36529)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Traceroute traceroute.php command injection
Summary
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162261 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:38.268250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:27.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:38.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "SevOne Network Management System Traceroute traceroute.php command injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36529",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Traceroute traceroute.php command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162261",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36529",
"datePublished": "2022-06-03T19:10:38.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:27.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36531 (GCVE-0-2020-36531)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Device Manager Page injection
Summary
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162263 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:30.191392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:06.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:41.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "SevOne Network Management System Device Manager Page injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36531",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Device Manager Page injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162263",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36531",
"datePublished": "2022-06-03T19:10:41.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:06.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36530 (GCVE-0-2020-36530)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Alert Summary sql injection
Summary
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162262 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36530",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:06.253430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:15.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:39.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "SevOne Network Management System Alert Summary sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36530",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Alert Summary sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162262",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36530",
"datePublished": "2022-06-03T19:10:39.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:15.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36529 (GCVE-0-2020-36529)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI
Title
SevOne Network Management System Traceroute traceroute.php command injection
Summary
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2020/Oct/5 | x_refsource_MISC |
| https://vuldb.com/?id.162261 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:38.268250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:27.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:38.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "SevOne Network Management System Traceroute traceroute.php command injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36529",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Traceroute traceroute.php command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162261",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36529",
"datePublished": "2022-06-03T19:10:38.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:27.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}