Stored CSV Injection in Lenovo XClarity Administrator
CVE-2019-6182
4.8MEDIUM
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 3 September 2019
What is CVE-2019-6182?
A stored CSV Injection vulnerability exists in Lenovo XClarity Administrator which affects versions prior to 2.5.0. This issue allows administrative users to inject malformed data into LXCA Jobs and Event Log data. Consequently, this may lead to the creation of crafted formulas that are stored within exported CSV files. It is important to note that these crafted formulas do not execute on the LXCA platform itself, posing a risk mainly upon exporting the data.
Affected Version(s)
XClarity Administrator (LXCA) < 2.5.0