Stored CSV Injection Vulnerability in Lenovo XClarity Controller
CVE-2019-6187
6.5MEDIUM
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 19 November 2019
What is CVE-2019-6187?
A vulnerability exists in Lenovo XClarity Controller that allows administrative users to store malformed data in specific server informational fields. This could lead to crafted formulas being included in exported CSV files. While the crafted formulas do not affect the XCC server directly, they can compromise the integrity of data when accessed through other applications. Users should be aware of potential security risks and take appropriate measures to validate and sanitize data inputs.
Affected Version(s)
Lenovo XClarity Controller (XCC) < unspecified
Lenovo XClarity Controller (XCC) < unspecified
Lenovo XClarity Controller (XCC) < unspecified