Lucene search
LenovoCVELIST:CVE-2019-6187HistoryNov 19, 2019 - 12:00 a.m.
CVE-2019-6187
2019-11-1900:00:00
lenovo
www.cve.org
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.
CNA Affected
[
{
"product": "Lenovo XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TEI392M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "CDI340M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "G1I312",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PSI328M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Related
cve
cve
CVE-2019-6187
2019-11-20 02:15:10
lenovo
lenovo
Lenovo XClarity Controller (XCC) Stored CSV Injection - US
2019-11-14 22:09:39
Lenovo XClarity Controller (XCC) Stored CSV Injection - Lenovo Support US
2019-11-14 22:09:39
nvd
nvd
CVE-2019-6187
2019-11-20 02:15:10
prion
prion
Design/Logic Flaw
2019-11-20 02:15:00
