CVE-2020-25170

HIGH

B. Braun OnlineSuite <AP 3.0 - Code Injection

Title source: llm

Description

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.

References (1)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 36.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

bbraun/onlinesuite_application_package < 3.0

Published Nov 06, 2020

Tracked Since Feb 18, 2026