CVE-2020-36531

MEDIUM

SevOne Network Performance Management 5.7.2.0-5.7.2.22 - Privilege Escalation via Device Manager Page Injection

Title source: llm
STIX 2.1

Description

A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Oct/5
Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.162263

Scores

CVSS v3 6.3
EPSS 0.0075
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-1236
Status published
Products (1)
ibm/sevone_network_performance_management 5.7.2.0 - 5.7.2.22
Published Jun 07, 2022
Tracked Since Feb 18, 2026