CVE-2019-6182

MEDIUM

Lenovo XClarity Administrator <2.5.0 - CSV Injection

Title source: llm
STIX 2.1

Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

References (1)

Scores

CVSS v3 4.9
EPSS 0.0022
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-1236
Status published
Products (1)
lenovo/xclarity_administrator < 2.5.0
Published Sep 03, 2019
Tracked Since Feb 18, 2026