CVE-2019-6187

Summary

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Affected Software

VendorProductVersion RangeStatus
LenovoLenovo XClarity Controller (XCC)unspecified < TEI392Maffected
LenovoLenovo XClarity Controller (XCC)unspecified < CDI340Maffected
LenovoLenovo XClarity Controller (XCC)unspecified < G1I312affected
LenovoLenovo XClarity Controller (XCC)unspecified < PSI328Maffected

Weaknesses

  • arbitrary eode execution

ADP Enrichment

CVE Program Container

Additional References

References