Description
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01
Scores
CVSS v3
7.8
EPSS
0.0097
EPSS Percentile
56.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1236
Status
published
Products (1)
bbraun/onlinesuite_application_package
< 3.0
Published
Nov 06, 2020
Tracked Since
Feb 18, 2026