Search criteria
6 vulnerabilities found for Network Management System by SevOne
CVE-2020-36531 (GCVE-0-2020-36531)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Device Manager Page injection
Summary
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.
Severity ?
6.3 (Medium)
CWE
- CWE-74 - Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:30.191392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:06.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:41.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "SevOne Network Management System Device Manager Page injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36531",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Device Manager Page injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162263",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36531",
"datePublished": "2022-06-03T19:10:41.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:06.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36530 (GCVE-0-2020-36530)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Alert Summary sql injection
Summary
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
Severity ?
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36530",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:06.253430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:15.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:39.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "SevOne Network Management System Alert Summary sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36530",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Alert Summary sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162262",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36530",
"datePublished": "2022-06-03T19:10:39.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:15.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36529 (GCVE-0-2020-36529)
Vulnerability from nvd – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Traceroute traceroute.php command injection
Summary
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
Severity ?
8.8 (High)
CWE
- CWE-77 - Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:38.268250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:27.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:38.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "SevOne Network Management System Traceroute traceroute.php command injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36529",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Traceroute traceroute.php command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162261",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36529",
"datePublished": "2022-06-03T19:10:38.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:27.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36531 (GCVE-0-2020-36531)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Device Manager Page injection
Summary
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.
Severity ?
6.3 (Medium)
CWE
- CWE-74 - Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:30.191392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:06.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:41.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162263"
}
],
"title": "SevOne Network Management System Device Manager Page injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36531",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Device Manager Page injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162263",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36531",
"datePublished": "2022-06-03T19:10:41.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:06.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36530 (GCVE-0-2020-36530)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Alert Summary sql injection
Summary
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
Severity ?
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36530",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:06.253430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:15.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:39.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162262"
}
],
"title": "SevOne Network Management System Alert Summary sql injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36530",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Alert Summary sql injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162262",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36530",
"datePublished": "2022-06-03T19:10:39.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:15.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36529 (GCVE-0-2020-36529)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:36
VLAI?
Title
SevOne Network Management System Traceroute traceroute.php command injection
Summary
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
Severity ?
8.8 (High)
CWE
- CWE-77 - Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SevOne | Network Management System |
Affected:
5.7.2.0
Affected: 5.7.2.1 Affected: 5.7.2.2 Affected: 5.7.2.3 Affected: 5.7.2.4 Affected: 5.7.2.5 Affected: 5.7.2.6 Affected: 5.7.2.7 Affected: 5.7.2.8 Affected: 5.7.2.9 Affected: 5.7.2.10 Affected: 5.7.2.11 Affected: 5.7.2.12 Affected: 5.7.2.13 Affected: 5.7.2.14 Affected: 5.7.2.15 Affected: 5.7.2.16 Affected: 5.7.2.17 Affected: 5.7.2.18 Affected: 5.7.2.19 Affected: 5.7.2.20 Affected: 5.7.2.21 Affected: 5.7.2.22 |
Credits
Calvin Phang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:38.268250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:36:27.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Network Management System",
"vendor": "SevOne",
"versions": [
{
"status": "affected",
"version": "5.7.2.0"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.7.2.2"
},
{
"status": "affected",
"version": "5.7.2.3"
},
{
"status": "affected",
"version": "5.7.2.4"
},
{
"status": "affected",
"version": "5.7.2.5"
},
{
"status": "affected",
"version": "5.7.2.6"
},
{
"status": "affected",
"version": "5.7.2.7"
},
{
"status": "affected",
"version": "5.7.2.8"
},
{
"status": "affected",
"version": "5.7.2.9"
},
{
"status": "affected",
"version": "5.7.2.10"
},
{
"status": "affected",
"version": "5.7.2.11"
},
{
"status": "affected",
"version": "5.7.2.12"
},
{
"status": "affected",
"version": "5.7.2.13"
},
{
"status": "affected",
"version": "5.7.2.14"
},
{
"status": "affected",
"version": "5.7.2.15"
},
{
"status": "affected",
"version": "5.7.2.16"
},
{
"status": "affected",
"version": "5.7.2.17"
},
{
"status": "affected",
"version": "5.7.2.18"
},
{
"status": "affected",
"version": "5.7.2.19"
},
{
"status": "affected",
"version": "5.7.2.20"
},
{
"status": "affected",
"version": "5.7.2.21"
},
{
"status": "affected",
"version": "5.7.2.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Calvin Phang"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:38.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.162261"
}
],
"title": "SevOne Network Management System Traceroute traceroute.php command injection",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36529",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "SevOne Network Management System Traceroute traceroute.php command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
},
"vendor_name": "SevOne"
}
]
}
},
"credit": "Calvin Phang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"name": "https://vuldb.com/?id.162261",
"refsource": "MISC",
"url": "https://vuldb.com/?id.162261"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36529",
"datePublished": "2022-06-03T19:10:38.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:36:27.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}