{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T18:19:11.571","vulnerabilities":[{"cve":{"id":"CVE-2020-10780","sourceIdentifier":"secalert@redhat.com","published":"2020-08-11T14:15:11.383","lastModified":"2024-11-21T04:56:03.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities."},{"lang":"es","value":"Red Hat CloudForms versiones 4.7 y 5, está afectado por un fallo de inyección CSV, una carga útil diseñada permanece inactiva hasta que una víctima la exporta como CSV y abre el archivo con Excel. Una vez que la víctima abre el archivo, la fórmula es ejecutada, desencadenando cualquier número de posibles eventos. Si bien esto no es estrictamente un fallo que afecte directamente a una aplicación, los atacantes podrían usar los parámetros poco comprobados para desencadenar varias posibilidades de ataque"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms_management_engine:4.7:*:*:*:*:*:*:*","matchCriteriaId":"D5B8649B-781F-4759-B16A-722CB4E083F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7098B44F-56BF-42E3-8831-48D0A8E99EE2"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/cve-2020-10780","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847794","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2020-10780","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}