CVE-2019-6187 Vulnerability Details

  /     /     /  

CVE-2019-6187 Metadata Quick Info

CVE Published: 20/11/2019 | CVE Updated: 17/09/2024 | CVE Year: 2019
Source: lenovo | Vendor: Lenovo | Product: Lenovo XClarity Controller (XCC)
Status : PUBLISHED

---

CVE-2019-6187 Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: arbitrary eode execution
Source: Lenovo

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).