PT-2020-20507 · Huawei · ManageOne

Published: 2020-11-30 · Updated: 2021-07-21 · CVE-2020-9115

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ManageOne versions 6.5.1.1.B010 through 6.5.1.1.B050, 8.0.0, 8.0.1

Description: The issue is related to a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands into the target device.

Recommendations: For versions 6.5.1.1.B010 through 6.5.1.1.B050, consider restricting access to the plug-in component to minimize the risk of exploitation. For versions 8.0.0 and 8.0.1, consider implementing additional input validation measures for parameters to prevent command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-9115

Affected Products

ManageOne