CVE-2019-6182 — MEDIUM (4.9)

Q: How severe is CVE-2019-6182?

CVE-2019-6182 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6182?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.

Vulnerability Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Xclarity Administrator	< 2.5.0

Related Weaknesses (CWE)

CWE-1236

References

https://support.lenovo.com/solutions/LEN-27805Vendor Advisory
https://support.lenovo.com/solutions/LEN-27805Vendor Advisory

FAQ

What is CVE-2019-6182?

CVE-2019-6182 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event...

How severe is CVE-2019-6182?

CVE-2019-6182 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6182?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.