CVE-2019-6182
First published: Tue Sep 03 2019(Updated: )
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo XClarity Administrator | <2.5.0 |
Remedy
Update your LXCA installation to version 2.5.0 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Lenovo XClarity Administrator vulnerability?
The vulnerability ID for this Lenovo XClarity Administrator vulnerability is CVE-2019-6182.
What is the severity of CVE-2019-6182?
The severity of CVE-2019-6182 is medium with a severity value of 4.9.
Which versions of Lenovo XClarity Administrator are affected by CVE-2019-6182?
Lenovo XClarity Administrator versions prior to 2.5.0 are affected by CVE-2019-6182.
What is the CWE number for this vulnerability?
The CWE number for this vulnerability is 1236.
How can I fix the CVE-2019-6182 vulnerability?
To fix the CVE-2019-6182 vulnerability, update Lenovo XClarity Administrator to version 2.5.0 or later.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo xclarity administrator