{"containers": {"cna": {"affected": [{"product": "Network Management System", "vendor": "SevOne", "versions": [{"status": "affected", "version": "5.7.2.0"}, {"status": "affected", "version": "5.7.2.1"}, {"status": "affected", "version": "5.7.2.2"}, {"status": "affected", "version": "5.7.2.3"}, {"status": "affected", "version": "5.7.2.4"}, {"status": "affected", "version": "5.7.2.5"}, {"status": "affected", "version": "5.7.2.6"}, {"status": "affected", "version": "5.7.2.7"}, {"status": "affected", "version": "5.7.2.8"}, {"status": "affected", "version": "5.7.2.9"}, {"status": "affected", "version": "5.7.2.10"}, {"status": "affected", "version": "5.7.2.11"}, {"status": "affected", "version": "5.7.2.12"}, {"status": "affected", "version": "5.7.2.13"}, {"status": "affected", "version": "5.7.2.14"}, {"status": "affected", "version": "5.7.2.15"}, {"status": "affected", "version": "5.7.2.16"}, {"status": "affected", "version": "5.7.2.17"}, {"status": "affected", "version": "5.7.2.18"}, {"status": "affected", "version": "5.7.2.19"}, {"status": "affected", "version": "5.7.2.20"}, {"status": "affected", "version": "5.7.2.21"}, {"status": "affected", "version": "5.7.2.22"}]}], "credits": [{"lang": "en", "value": "Calvin Phang"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-03T19:10:41.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.162263"}], "title": "SevOne Network Management System Device Manager Page injection", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2020-36531", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SevOne Network Management System Device Manager Page injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Network Management System", "version": {"version_data": [{"version_value": "5.7.2.0"}, {"version_value": "5.7.2.1"}, {"version_value": "5.7.2.2"}, {"version_value": "5.7.2.3"}, {"version_value": "5.7.2.4"}, {"version_value": "5.7.2.5"}, {"version_value": "5.7.2.6"}, {"version_value": "5.7.2.7"}, {"version_value": "5.7.2.8"}, {"version_value": "5.7.2.9"}, {"version_value": "5.7.2.10"}, {"version_value": "5.7.2.11"}, {"version_value": "5.7.2.12"}, {"version_value": "5.7.2.13"}, {"version_value": "5.7.2.14"}, {"version_value": "5.7.2.15"}, {"version_value": "5.7.2.16"}, {"version_value": "5.7.2.17"}, {"version_value": "5.7.2.18"}, {"version_value": "5.7.2.19"}, {"version_value": "5.7.2.20"}, {"version_value": "5.7.2.21"}, {"version_value": "5.7.2.22"}]}}]}, "vendor_name": "SevOne"}]}}, "credit": "Calvin Phang", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74 Injection"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2020/Oct/5", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"name": "https://vuldb.com/?id.162263", "refsource": "MISC", "url": "https://vuldb.com/?id.162263"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.415Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.162263"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:14:30.191392Z", "id": "CVE-2020-36531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T14:36:06.194Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2020-36531", "datePublished": "2022-06-03T19:10:41.000Z", "dateReserved": "2022-06-03T00:00:00.000Z", "dateUpdated": "2025-04-15T14:36:06.194Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Network Management System", "vendor": "SevOne", "versions": [{"status": "affected", "version": "5.7.2.0"}, {"status": "affected", "version": "5.7.2.1"}, {"status": "affected", "version": "5.7.2.2"}, {"status": "affected", "version": "5.7.2.3"}, {"status": "affected", "version": "5.7.2.4"}, {"status": "affected", "version": "5.7.2.5"}, {"status": "affected", "version": "5.7.2.6"}, {"status": "affected", "version": "5.7.2.7"}, {"status": "affected", "version": "5.7.2.8"}, {"status": "affected", "version": "5.7.2.9"}, {"status": "affected", "version": "5.7.2.10"}, {"status": "affected", "version": "5.7.2.11"}, {"status": "affected", "version": "5.7.2.12"}, {"status": "affected", "version": "5.7.2.13"}, {"status": "affected", "version": "5.7.2.14"}, {"status": "affected", "version": "5.7.2.15"}, {"status": "affected", "version": "5.7.2.16"}, {"status": "affected", "version": "5.7.2.17"}, {"status": "affected", "version": "5.7.2.18"}, {"status": "affected", "version": "5.7.2.19"}, {"status": "affected", "version": "5.7.2.20"}, {"status": "affected", "version": "5.7.2.21"}, {"status": "affected", "version": "5.7.2.22"}]}], "credits": [{"lang": "en", "value": "Calvin Phang"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-03T19:10:41.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.162263"}], "title": "SevOne Network Management System Device Manager Page injection", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2020-36531", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SevOne Network Management System Device Manager Page injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Network Management System", "version": {"version_data": [{"version_value": "5.7.2.0"}, {"version_value": "5.7.2.1"}, {"version_value": "5.7.2.2"}, {"version_value": "5.7.2.3"}, {"version_value": "5.7.2.4"}, {"version_value": "5.7.2.5"}, {"version_value": "5.7.2.6"}, {"version_value": "5.7.2.7"}, {"version_value": "5.7.2.8"}, {"version_value": "5.7.2.9"}, {"version_value": "5.7.2.10"}, {"version_value": "5.7.2.11"}, {"version_value": "5.7.2.12"}, {"version_value": "5.7.2.13"}, {"version_value": "5.7.2.14"}, {"version_value": "5.7.2.15"}, {"version_value": "5.7.2.16"}, {"version_value": "5.7.2.17"}, {"version_value": "5.7.2.18"}, {"version_value": "5.7.2.19"}, {"version_value": "5.7.2.20"}, {"version_value": "5.7.2.21"}, {"version_value": "5.7.2.22"}]}}]}, "vendor_name": "SevOne"}]}}, "credit": "Calvin Phang", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "6.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74 Injection"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2020/Oct/5", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"name": "https://vuldb.com/?id.162263", "refsource": "MISC", "url": "https://vuldb.com/?id.162263"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.415Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.162263"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:14:30.191392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:14:31.956Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2020-36531", "datePublished": "2022-06-03T19:10:41.000Z", "dateReserved": "2022-06-03T00:00:00.000Z", "dateUpdated": "2025-04-15T14:36:06.194Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sevone_network_performance_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "77C1ADBA-337D-4FE9-910A-625319EED454", "versionEndIncluding": "5.7.2.22", "versionStartIncluding": "5.7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en SevOne Network Management System versiones hasta 5.7.2.22. Este problema afecta a la p\u00e1gina del administrador de dispositivos. Una inyecci\u00f3n conlleva a una escalada de privilegios. El ataque puede iniciarse de forma remota"}], "id": "CVE-2020-36531", "lastModified": "2024-11-21T05:29:46.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-07T18:15:10.843", "references": [{"source": "cna@vuldb.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.162263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Oct/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.162263"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1236"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}