CVE-2020-9521

An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

Published: Mar 26, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9521
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
microfocus / service_manager_automation	2019.05	2019.05.x
microfocus / service_manager_automation	2019.02	2019.02.x
microfocus / service_manager_automation	2018.08	2018.08.x
microfocus / service_manager_automation	2018.05	2018.05.x
microfocus / service_manager_automation	2018.02	2018.02.x
microfocus / service_manager_automation	2019.08	2019.08.x

https://softwaresupport.softwaregrp.com/doc/KM03630615

Vulnerability Database

289,697

CVE-2020-9521