CVE-2019-6187

CWE-1236 | 3 documents | 3 sources
Severity
6.5 MEDIUM
EPSS
0.4%
top 38.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 20
Latest update: May 24

Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, which could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | lenovo/lenovo_xclarity_controller_(xcc) | unspecified | TEI392M | +3

Patches

Vulnerability Details (2)

GHSA
GHSA-hvmh-jgw7-f7xg: A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permis | 2022-05-24
CVEList
CVE-2019-6187: A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permis | 2019-11-20