Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for onlinesuite_application_package by bbraun

    CVE-2020-25172 (GCVE-0-2020-25172)

    Vulnerability from cvelistv5 – Published: 2020-11-06 16:09 – Updated: 2024-09-16 18:39
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "RELATIVE PATH TRAVERSAL CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:09:16.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25172",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RELATIVE PATH TRAVERSAL CWE-23"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25172",
        "datePublished": "2020-11-06T16:09:16.397Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:05.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25174 (GCVE-0-2020-25174)

    Vulnerability from cvelistv5 – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:16
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:08:41.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25174",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25174",
        "datePublished": "2020-11-06T16:08:41.727Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:16:15.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25170 (GCVE-0-2020-25170)

    Vulnerability from cvelistv5 – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:56
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
    Severity
    No CVSS data available.
    CWE
    • CWE-1236 - IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:09.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:08:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25170",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25170",
        "datePublished": "2020-11-06T16:08:07.525Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:57.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25172 (GCVE-0-2020-25172)

    Vulnerability from nvd – Published: 2020-11-06 16:09 – Updated: 2024-09-16 18:39
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "RELATIVE PATH TRAVERSAL CWE-23",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:09:16.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25172",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RELATIVE PATH TRAVERSAL CWE-23"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25172",
        "datePublished": "2020-11-06T16:09:16.397Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:05.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25174 (GCVE-0-2020-25174)

    Vulnerability from nvd – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:16
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:10.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:08:41.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25174",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25174",
        "datePublished": "2020-11-06T16:08:41.727Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:16:15.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25170 (GCVE-0-2020-25170)

    Vulnerability from nvd – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:56
    VLAI
    Title
    B. Braun OnlineSuite
    Summary
    An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
    Severity
    No CVSS data available.
    CWE
    • CWE-1236 - IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236
    Assigner
    References
    Impacted products
    Vendor Product Version
    B. Braun Melsungen AG OnlineSuite Affected: AP , ≤ 3.0 (custom)
    Create a notification for this product.
    Date Public
    2020-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:26:09.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OnlineSuite",
              "vendor": "B. Braun Melsungen AG",
              "versions": [
                {
                  "lessThanOrEqual": "3.0",
                  "status": "affected",
                  "version": "AP",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T16:08:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
            }
          ],
          "source": {
            "advisory": "ICSMA-20-296-01",
            "discovery": "UNKNOWN"
          },
          "title": "B. Braun OnlineSuite",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
              "ID": "CVE-2020-25170",
              "STATE": "PUBLIC",
              "TITLE": "B. Braun OnlineSuite"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OnlineSuite",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "AP",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B. Braun Melsungen AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSMA-20-296-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-25170",
        "datePublished": "2020-11-06T16:08:07.525Z",
        "dateReserved": "2020-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:57.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }