CVE-2019-6182
MEDIUMLenovo XClarity Administrator <2.5.0 - CSV Injection
Title source: llmDescription
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-27805
Scores
CVSS v3
4.9
EPSS
0.0065
EPSS Percentile
46.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-1236
Status
published
Products (1)
lenovo/xclarity_administrator
< 2.5.0
Published
Sep 03, 2019
Tracked Since
Feb 18, 2026