CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

Published: Sep 3, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-6182
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-1236

Affected Software
References

Software	From	Fixed in
lenovo / xclarity_administrator	-	2.5.0

https://support.lenovo.com/solutions/LEN-27805

Vulnerability Database

289,784

CVE-2019-6182