CVE-2020-10780 is a vulnerability in Red Hat Cloudforms Management Engine
Published on August 11, 2020
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.
Products Associated with CVE-2020-10780
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10780 are published in Red Hat Cloudforms Management Engine:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.