CVE-2019-6182

Опубликовано: 03 сент. 2019

Источник: nvd

CVSS3: 4.8

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

Ссылки

https://support.lenovo.com/solutions/LEN-27805
Vendor Advisory
https://support.lenovo.com/solutions/LEN-27805
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*

Версия до 2.5.0 (исключая)

EPSS

Процентиль: 44%

0.00217

Низкий

4.8 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-3v5g-248q-q8gh

CVSS3: 4.9

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.00217

Низкий

4.8 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1236