Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6187

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Published

2019-11-20T02:15:10.787

Last Modified

2024-11-21T04:46:07.577

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-1236

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lenovo	xclarity_controller	< tei392m	Yes
Hardware	lenovo	thinkagile_7x82	-	No
Hardware	lenovo	thinkagile_7y11	-	No
Hardware	lenovo	thinkagile_7y12	-	No
Hardware	lenovo	thinkagile_7y88	-	No
Hardware	lenovo	thinkagile_7y92	-	No
Hardware	lenovo	thinkagile_7z03	-	No
Hardware	lenovo	thinksystem_sd530	-	No
Hardware	lenovo	thinksystem_sd650	-	No
Hardware	lenovo	thinksystem_sn550	-	No
Hardware	lenovo	thinksystem_sn850	-	No
Hardware	lenovo	thinksystem_sr150	-	No
Hardware	lenovo	thinksystem_sr158	-	No
Hardware	lenovo	thinksystem_sr250	-	No
Hardware	lenovo	thinksystem_sr258	-	No
Hardware	lenovo	thinksystem_sr850	-	No
Hardware	lenovo	thinksystem_sr860	-	No
Hardware	lenovo	thinksystem_st250	-	No
Hardware	lenovo	thinksystem_st258	-	No
Application	lenovo	xclarity_controller	< cdi340m	Yes
Hardware	lenovo	thinkagile_7d1h	-	No
Hardware	lenovo	thinkagile_7x83	-	No
Hardware	lenovo	thinkagile_7y13	-	No
Hardware	lenovo	thinkagile_7y14	-	No
Hardware	lenovo	thinkagile_7y90	-	No
Hardware	lenovo	thinkagile_7y93	-	No
Hardware	lenovo	thinkagile_7y94	-	No
Hardware	lenovo	thinkagile_7z04	-	No
Hardware	lenovo	thinkagile_7z05	-	No
Hardware	lenovo	thinkagile_7z06	-	No
Hardware	lenovo	thinkagile_7z07	-	No
Hardware	lenovo	thinkagile_7z20	-	No
Hardware	lenovo	thinkagile_yx84	-	No
Hardware	lenovo	thinksystem_sr530	-	No
Hardware	lenovo	thinksystem_sr550	-	No
Hardware	lenovo	thinksystem_sr570	-	No
Hardware	lenovo	thinksystem_sr590	-	No
Hardware	lenovo	thinksystem_sr630	-	No
Hardware	lenovo	thinksystem_sr650	-	No
Hardware	lenovo	thinksystem_st550	-	No
Hardware	lenovo	thinksystem_st558	-	No
Application	lenovo	xclarity_controller	< g1i312	Yes
Hardware	lenovo	_thinksystem_sr670	-	No
Application	lenovo	xclarity_controller	< psi328m	Yes
Hardware	lenovo	thinksystem_sr950	-	No

References

https://support.lenovo.com/solutions/LEN-29118 Patch, Vendor Advisory ([email protected])
https://support.lenovo.com/solutions/LEN-29118 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)