CVE-2019-6187
N/A
N/A
Summary
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Lenovo XClarity Controller (XCC) | unspecified < TEI392M | affected |
| Lenovo | Lenovo XClarity Controller (XCC) | unspecified < CDI340M | affected |
| Lenovo | Lenovo XClarity Controller (XCC) | unspecified < G1I312 | affected |
| Lenovo | Lenovo XClarity Controller (XCC) | unspecified < PSI328M | affected |
Weaknesses
- arbitrary eode execution
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.