CVE-2020-25170

B. Braun OnlineSuite

EPSS 1.0% | CWE-1236

In short

B. Braun OnlineSuite allows attackers to inject malicious Excel macros through export fields, which can execute dangerous code when the exported file is opened. This is a risk because users may unknowingly enable macros in trusted-looking documents.

Technical detail

Excel Macro Injection vulnerability in B. Braun OnlineSuite v3.0 and earlier allows an attacker to inject arbitrary VBA macros through multiple input fields during Excel export functionality. When a user opens the exported file and enables macros, the injected code executes with the privileges of the user, enabling remote code execution or data exfiltration.

Summary generated and translated by AI from the official description.

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
