Process NFUs

6 files changed, 48 insertions, 48 deletions

diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 4b3204d264..75bb7dd7a0 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -197,7 +197,7 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout
 CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte  ...)
 	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
 CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...)
-	TODO: check
+	NOT-FOR-US: vBSeo
 CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4  ...)
 	NOT-FOR-US: phpMoneyBooks
 CVE-2012-6664
@@ -11191,7 +11191,7 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Editi
 CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...)
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
-	TODO: check
+	NOT-FOR-US: InfoSphere Guardium aix_ktap module
 CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
 	NOT-FOR-US: IBM Global Security Kit
 CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus  ...)
@@ -14733,7 +14733,7 @@ CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solut
 CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...)
 	NOT-FOR-US: IBM Tivoli Endpoint Manager
 CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 7e379a9ac2..9b34b47232 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -663,9 +663,9 @@ CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other
 CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
 	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
 CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...)
-	TODO: check
+	NOT-FOR-US: MobileIron
 CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
-	TODO: check
+	NOT-FOR-US: MobileIron
 CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
 	- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
 CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
@@ -923,7 +923,7 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam
 CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
 	- libiodbc2 <not-affected> (RPATH issue slackware specific)
 CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
@@ -1659,7 +1659,7 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier
 CVE-2013-6928
 	RESERVED
 CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
-	TODO: check
+	NOT-FOR-US: Internet TRiLOGI Server
 CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
 	NOT-FOR-US: Siemens
 CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
@@ -2198,7 +2198,7 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n
 CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
 	NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
-	TODO: check
+	NOT-FOR-US: Tube Map Live Underground for Android
 CVE-2013-6680
 	REJECTED
 CVE-2013-6679
@@ -3246,11 +3246,11 @@ CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM su
 CVE-2013-6363
 	RESERVED
 CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2013-6361
 	RESERVED
 CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to  ...)
 	{DSA-2815-1 DLA-20-1}
 	- munin 2.0.18-1
@@ -3413,7 +3413,7 @@ CVE-2013-6297
 CVE-2013-6296
 	RESERVED
 CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2013-6294
 	RESERVED
 CVE-2013-6293
@@ -3449,7 +3449,7 @@ CVE-2013-6279
 CVE-2013-6278
 	RESERVED
 CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2013-6276
 	RESERVED
 CVE-2013-6274
@@ -4823,7 +4823,7 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
 	NOT-FOR-US: Open-Xchange
 CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...)
-	TODO: check
+	NOT-FOR-US: RiskNet Acquirer
 CVE-2013-5686
 	RESERVED
 CVE-2013-5685
@@ -6868,9 +6868,9 @@ CVE-2013-4794
 CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...)
 	NOT-FOR-US: Umbraco
 CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
 	NOT-FOR-US: Open-Xchange
 CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
@@ -9445,7 +9445,7 @@ CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) befor
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
 	NOT-FOR-US: DotNetNukeDot
 CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...)
-	TODO: check
+	NOT-FOR-US: Potplayer
 CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...)
 	NOT-FOR-US: XnView
 CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...)
@@ -10836,7 +10836,7 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20
 CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
 	NOT-FOR-US: NetApp OnCommand System Manager
 CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
@@ -12406,7 +12406,7 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Byp
 CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
 	NOT-FOR-US: Cisco
 CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
 	NOT-FOR-US: Cisco
 CVE-2013-2677
@@ -16444,7 +16444,7 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi
 CVE-2013-1411
 	RESERVED
 CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: Perforce
 CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
 	NOT-FOR-US: CommentLuv plugin for Wordpress
 CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
@@ -16462,9 +16462,9 @@ CVE-2013-1403
 CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
 	NOT-FOR-US: DigiLIBE
 CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
-	TODO: check
+	NOT-FOR-US: WordPress Poll Plugin for WordPress
 CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
-	TODO: check
+	NOT-FOR-US: WordPress Poll Plugin for WordPress
 CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
 	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
 CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 8cf855544e..7310ba7ce7 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -14071,7 +14071,7 @@ CVE-2014-4983
 CVE-2014-4982 (LPAR2RRD &#8804; 4.53 and &#8804; 3.5 has arbitrary command injection  ...)
 	NOT-FOR-US: LPAR2RRD
 CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
-	TODO: check
+	NOT-FOR-US: LPAR2RRD
 CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
 	NOT-FOR-US: Tenable Web UI for Nessus
 CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
@@ -16862,9 +16862,9 @@ CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterpris
 CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon  ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows  ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...)
 	NOT-FOR-US: Juniper Junos
 CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...)
@@ -20324,7 +20324,7 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to ca
 CVE-2014-2596
 	RESERVED
 CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Web Application Firewall (WAF)
 CVE-2014-2594
 	RESERVED
 CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...)
@@ -22898,7 +22898,7 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2,
 CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...)
 	NOT-FOR-US: UAEPD Shopping Cart Script
 CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...)
-	TODO: check
+	NOT-FOR-US: Microsys
 CVE-2014-1616
 	RESERVED
 CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index b1cf31c655..22e637b268 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -7684,7 +7684,7 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea
 CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
 	NOT-FOR-US: Lenovo
 CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
 	- serendipity <removed>
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...)
@@ -7810,7 +7810,7 @@ CVE-2015-6924
 CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol 2.3 ...)
 	NOT-FOR-US: VBox Communications Satellite Express Protocol
 CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x bef ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Virtual System Administrator
 CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab m ...)
 	NOT-FOR-US: Zendesk Feedback Tab for Drupal
 CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the sourc ...)
@@ -8778,7 +8778,7 @@ CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia
 CVE-2015-6590
 	RESERVED
 CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Virtual System Administrator
 CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...)
@@ -23211,7 +23211,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
 	NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
 	NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
 CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: JAKWEB Gecko CMS
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
 	NOT-FOR-US: Gecko CMS
 CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow  ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e89ae29aeb..36ab217840 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -19329,7 +19329,7 @@ CVE-2019-12956
 CVE-2019-12955
 	RESERVED
 CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-12953
 	RESERVED
 CVE-2019-12952
@@ -22082,7 +22082,7 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS beca
 CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or  ...)
 	NOT-FOR-US: SoftEther VPN Server
 CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...)
-	TODO: check
+	NOT-FOR-US: Realtek NDIS driver rt640x64.sys
 CVE-2019-11866
 	RESERVED
 CVE-2019-11865
@@ -25163,7 +25163,7 @@ CVE-2019-10797
 CVE-2019-10796
 	RESERVED
 CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
-	TODO: check
+	NOT-FOR-US: undefsafe
 CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
 	TODO: check
 CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set  ...)
@@ -37985,15 +37985,15 @@ CVE-2019-6196
 CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
 	TODO: check
 CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
@@ -40081,7 +40081,7 @@ CVE-2019-5324
 CVE-2019-5323
 	RESERVED
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
-	TODO: check
+	NOT-FOR-US: Edge Switch models
 CVE-2019-5321
 	RESERVED
 CVE-2019-5320
@@ -42862,7 +42862,7 @@ CVE-2019-4000
 CVE-2019-3999
 	RESERVED
 CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
-	TODO: check
+	NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
 	NOT-FOR-US: SimpliSafe SS3 firmware
 CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy  ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 3611882345..4a11d601a2 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,19 +1,19 @@
 CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
-	TODO: check
+	NOT-FOR-US: ICE Hrm
 CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via  ...)
-	TODO: check
+	NOT-FOR-US: ICE Hrm
 CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause,  ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
-	TODO: check
+	NOT-FOR-US: phpMyChat-Plus
 CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass  ...)
-	TODO: check
+	NOT-FOR-US: ESET
 CVE-2020-9263
 	RESERVED
 CVE-2020-9262
@@ -5079,9 +5079,9 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is
 CVE-2020-6846
 	RESERVED
 CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...)
-	TODO: check
+	NOT-FOR-US: TopManage
 CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...)
-	TODO: check
+	NOT-FOR-US: TopManage
 CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2020-6842