CVE-2019-6187

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Se reportó una vulnerabilidad de inyección CSV almacenada en Lenovo XClarity Controller (XCC) lo que podría permitir a un usuario administrativo u otro usuario con permiso apropiado almacenar datos malformados en determinados campos informativos del servidor de XCC, que podría resultar en que las fórmulas especialmente diseñadas sean almacenadas en un archivo CSV exportado. La fórmula especialmente diseñada no es ejecutada en XCC y no tiene ningún efecto en el servidor.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-11 CVE Reserved
2019-11-20 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://support.lenovo.com/solutions/LEN-29118	2020-08-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7x82 Search vendor "Lenovo" for product "Thinkagile 7x82"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y11 Search vendor "Lenovo" for product "Thinkagile 7y11"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y12 Search vendor "Lenovo" for product "Thinkagile 7y12"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y88 Search vendor "Lenovo" for product "Thinkagile 7y88"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y92 Search vendor "Lenovo" for product "Thinkagile 7y92"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z03 Search vendor "Lenovo" for product "Thinkagile 7z03"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sd530 Search vendor "Lenovo" for product "Thinksystem Sd530"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sd650 Search vendor "Lenovo" for product "Thinksystem Sd650"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sn550 Search vendor "Lenovo" for product "Thinksystem Sn550"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sn850 Search vendor "Lenovo" for product "Thinksystem Sn850"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr150 Search vendor "Lenovo" for product "Thinksystem Sr150"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr158 Search vendor "Lenovo" for product "Thinksystem Sr158"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr250 Search vendor "Lenovo" for product "Thinksystem Sr250"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr258 Search vendor "Lenovo" for product "Thinksystem Sr258"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr850 Search vendor "Lenovo" for product "Thinksystem Sr850"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr860 Search vendor "Lenovo" for product "Thinksystem Sr860"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem St250 Search vendor "Lenovo" for product "Thinksystem St250"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< tei392m Search vendor "Lenovo" for product "Xclarity Controller" and version " < tei392m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem St258 Search vendor "Lenovo" for product "Thinksystem St258"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7d1h Search vendor "Lenovo" for product "Thinkagile 7d1h"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7x83 Search vendor "Lenovo" for product "Thinkagile 7x83"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y13 Search vendor "Lenovo" for product "Thinkagile 7y13"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y14 Search vendor "Lenovo" for product "Thinkagile 7y14"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y90 Search vendor "Lenovo" for product "Thinkagile 7y90"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y93 Search vendor "Lenovo" for product "Thinkagile 7y93"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7y94 Search vendor "Lenovo" for product "Thinkagile 7y94"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z04 Search vendor "Lenovo" for product "Thinkagile 7z04"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z05 Search vendor "Lenovo" for product "Thinkagile 7z05"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z06 Search vendor "Lenovo" for product "Thinkagile 7z06"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z07 Search vendor "Lenovo" for product "Thinkagile 7z07"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile 7z20 Search vendor "Lenovo" for product "Thinkagile 7z20"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkagile Yx84 Search vendor "Lenovo" for product "Thinkagile Yx84"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr530 Search vendor "Lenovo" for product "Thinksystem Sr530"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr550 Search vendor "Lenovo" for product "Thinksystem Sr550"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr570 Search vendor "Lenovo" for product "Thinksystem Sr570"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr590 Search vendor "Lenovo" for product "Thinksystem Sr590"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr630 Search vendor "Lenovo" for product "Thinksystem Sr630"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr650 Search vendor "Lenovo" for product "Thinksystem Sr650"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem St550 Search vendor "Lenovo" for product "Thinksystem St550"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< cdi340m Search vendor "Lenovo" for product "Xclarity Controller" and version " < cdi340m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem St558 Search vendor "Lenovo" for product "Thinksystem St558"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< g1i312 Search vendor "Lenovo" for product "Xclarity Controller" and version " < g1i312"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr670 Search vendor "Lenovo" for product " Thinksystem Sr670"	-	-	Safe
Lenovo Search vendor "Lenovo"	Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller"	< psi328m Search vendor "Lenovo" for product "Xclarity Controller" and version " < psi328m"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinksystem Sr950 Search vendor "Lenovo" for product "Thinksystem Sr950"	-	-	Safe