CVE-2020-9205

Name of the Vulnerable Software and Affected Versions: ManageOne version 8.0.1

Description: The issue is related to a CSV injection vulnerability. An attacker with common privilege may exploit this vulnerability through some operations to inject CSV files. The vulnerability is caused by insufficient input validation of some parameters, allowing the attacker to inject CSV files to the target device.

Recommendations: For ManageOne version 8.0.1, ensure proper input validation of parameters to prevent CSV injection. As a temporary workaround, consider restricting access to operations that may be used to inject CSV files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.