CVE-2019-6187

MEDIUM Year: 2019
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Related Vulnerabilities

CVE-2019-13181

MEDIUM
CVSS:6.5(Medium)

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.

CWE-12362019

CVE-2019-16959

MEDIUM
CVSS:6.5(Medium)

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CWE-12362019

CVE-2020-4627

MEDIUM
CVSS:6.5(Medium)

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. ...

CWE-12362020

CVE-2021-41270

MEDIUM
CVSS:6.5(Medium)

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 befo...

CWE-12362021

CVE-2023-50448

MEDIUM
CVSS:6.5(Medium)

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain...

CWE-12362023

CVE-2024-27785

MEDIUM
CVSS:6.5(Medium)

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's ...

CWE-12362024