MEDIUM · 6.5

CVE-2019-6187

Vulnerability Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

CVSS Score

6.5 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Lenovo | XClarity Controller | < tei392m |
| Lenovo | ThinkAgile 7X82 | - |
| Lenovo | ThinkAgile 7Y11 | - |
| Lenovo | ThinkAgile 7Y12 | - |
| Lenovo | ThinkAgile 7Y88 | - |
| Lenovo | ThinkAgile 7Y92 | - |
| Lenovo | ThinkAgile 7Z03 | - |
| Lenovo | ThinkSystem SD530 | - |
| Lenovo | ThinkSystem SD650 | - |
| Lenovo | ThinkSystem SN550 | - |
| Lenovo | ThinkSystem SN850 | - |
| Lenovo | ThinkSystem SR150 | - |
| Lenovo | ThinkSystem SR158 | - |
| Lenovo | ThinkSystem SR250 | - |
| Lenovo | ThinkSystem SR258 | - |
| Lenovo | ThinkSystem SR850 | - |
| Lenovo | ThinkSystem SR860 | - |
| Lenovo | ThinkSystem ST250 | - |
| Lenovo | ThinkSystem ST258 | - |
| Lenovo | ThinkAgile 7D1H | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-6187?

CVE-2019-6187 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC...

How severe is CVE-2019-6187?

CVE-2019-6187 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2019-6187?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo XClarity Controller, Lenovo ThinkAgile 7X82, Lenovo ThinkAgile 7Y11, Lenovo ThinkAgile 7Y12, Lenovo ThinkAgile 7Y88.