Search criteria
3 vulnerabilities by bbraun
CVE-2020-25172 (GCVE-0-2020-25172)
Vulnerability from cvelistv5 – Published: 2020-11-06 16:09 – Updated: 2024-09-16 18:39
VLAI?
Title
B. Braun OnlineSuite
Summary
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
Severity ?
No CVSS data available.
CWE
- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B. Braun Melsungen AG | OnlineSuite |
Affected:
AP , ≤ 3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnlineSuite",
"vendor": "B. Braun Melsungen AG",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "AP",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T16:09:16",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
},
"title": "B. Braun OnlineSuite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
"ID": "CVE-2020-25172",
"STATE": "PUBLIC",
"TITLE": "B. Braun OnlineSuite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnlineSuite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "AP",
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "B. Braun Melsungen AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
]
},
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25172",
"datePublished": "2020-11-06T16:09:16.397700Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-16T18:39:05.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25174 (GCVE-0-2020-25174)
Vulnerability from cvelistv5 – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:16
VLAI?
Title
B. Braun OnlineSuite
Summary
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.
Severity ?
No CVSS data available.
CWE
- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B. Braun Melsungen AG | OnlineSuite |
Affected:
AP , ≤ 3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnlineSuite",
"vendor": "B. Braun Melsungen AG",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "AP",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T16:08:41",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
},
"title": "B. Braun OnlineSuite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
"ID": "CVE-2020-25174",
"STATE": "PUBLIC",
"TITLE": "B. Braun OnlineSuite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnlineSuite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "AP",
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "B. Braun Melsungen AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
]
},
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25174",
"datePublished": "2020-11-06T16:08:41.727185Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-17T00:16:15.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25170 (GCVE-0-2020-25170)
Vulnerability from cvelistv5 – Published: 2020-11-06 16:08 – Updated: 2024-09-17 00:56
VLAI?
Title
B. Braun OnlineSuite
Summary
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
Severity ?
No CVSS data available.
CWE
- CWE-1236 - IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B. Braun Melsungen AG | OnlineSuite |
Affected:
AP , ≤ 3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnlineSuite",
"vendor": "B. Braun Melsungen AG",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "AP",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T16:08:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
],
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
},
"title": "B. Braun OnlineSuite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-10-22T15:00:00.000Z",
"ID": "CVE-2020-25170",
"STATE": "PUBLIC",
"TITLE": "B. Braun OnlineSuite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnlineSuite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "AP",
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "B. Braun Melsungen AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF FORMULA ELEMENTS IN A CSV FILE CWE-1236"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01"
}
]
},
"source": {
"advisory": "ICSMA-20-296-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25170",
"datePublished": "2020-11-06T16:08:07.525834Z",
"dateReserved": "2020-09-04T00:00:00",
"dateUpdated": "2024-09-17T00:56:57.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}