exploitDog

CVE-2019-12134

Опубликовано: 06 июн. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.

Ссылки

https://sinfosec757.blogspot.com/2019/06/exploit-title-workday-32-csv-injection.html
Third Party Advisory
https://sinfosec757.blogspot.com/2019/06/exploit-title-workday-32-csv-injection.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:workday:workday:*:*:*:*:*:*:*:*

Версия до 32.0 (включая)

EPSS

Процентиль: 64%

0.00475

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-99wc-g6xm-mv9h

CVSS3: 8.8

github

больше 3 лет назад

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.

EPSS

Процентиль: 64%

0.00475

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-1236