Home / Early Warning / Vulnerabilities / CVE-2020-9521

CVE-2020-9521

Type: 
SQL Injection
Severity: 
Medium
Publication date: 
03/26/2020
Last modified: 
03/30/2020
Description
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Requires a single instance to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:microfocus:service_manager_automation:2019.08:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:service_manager_automation:2019.05:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:service_manager_automation:2019.02:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:service_manager_automation:2018.08:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:service_manager_automation:2018.05:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:service_manager_automation:2018.02:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields