CVE-2022-26867
 
- Severity Score: 8.0 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild (KEV): -
- Decision (SSVC): -
Descriptions
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
*Credits:
N/A
Timeline
- 2022-03-10 CVE Reserved
- 2022-06-02 CVE Published
- 2023-12-24 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
References (1)
URL | Date | SRC |
---|---|---|
https://www.dell.com/support/kbdoc/000196367 | 2022-06-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dell | Powerstoreos | < 2.1.1.0 | - | Affected | in | Dell | Powerstore T | - | - | Safe |
Dell | Powerstoreos | < 2.1.1.0 | - | Affected | in | Dell | Powerstore X | - | - | Safe |