PT-2021-7547 · Huawei · Imanager Neteco 6000+3

Published: 2021-10-20 · Updated: 2021-10-29 · CVE-2021-37131

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ManageOne (affected versions not specified)
iManager NetEco (affected versions not specified)
iManager NetEco 6000 (affected versions not specified)

Description

The issue is related to a CSV injection vulnerability. An attacker with high privilege may exploit this vulnerability through some operations to inject CSV files. The vulnerability is due to insufficient input validation of some parameters, allowing the attacker to inject CSV files to the target device. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations

For ManageOne, consider disabling the functionality that allows CSV file injection until a patch is available. For iManager NetEco, restrict access to the vulnerable parameters to minimize the risk of exploitation. For iManager NetEco 6000, avoid using the vulnerable operations that allow CSV file injection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2022-07483
CVE-2021-37131

Affected Products

Huawei Vrp
Manageone
Imanager Neteco
Imanager Neteco 6000