CWE-1236

CVE-2019-6187

First published: Wed Nov 20 2019

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Credit: psirt@lenovo.com

Affected Software | Affected Version | How to fix
Lenovo XClarity Controller | <tei392m
Lenovo Thinkagile 7x82
Lenovo Thinkagile 7y11
Lenovo Thinkagile 7y12
Lenovo Thinkagile 7y88
Lenovo Thinkagile 7y92
Lenovo Thinkagile 7z03
Lenovo Thinksystem Sd530
Lenovo Thinksystem Sd650
Lenovo Thinksystem Sn550
Lenovo Thinksystem Sn850
Lenovo Thinksystem Sr150
Lenovo Thinksystem Sr158
Lenovo Thinksystem Sr250
Lenovo Thinksystem Sr258
Lenovo Thinksystem Sr850
Lenovo Thinksystem Sr860
Lenovo Thinksystem St250
Lenovo Thinksystem St258
Lenovo XClarity Controller | <cdi340m
Lenovo Thinkagile 7d1h
Lenovo Thinkagile 7x83
Lenovo Thinkagile 7y13
Lenovo Thinkagile 7y14
Lenovo Thinkagile 7y90
Lenovo Thinkagile 7y93
Lenovo Thinkagile 7y94
Lenovo Thinkagile 7z04
Lenovo Thinkagile 7z05
Lenovo Thinkagile 7z06
Lenovo Thinkagile 7z07
Lenovo Thinkagile 7z20
Lenovo Thinkagile Yx84
Lenovo Thinksystem Sr530
Lenovo Thinksystem Sr550
Lenovo Thinksystem Sr570
Lenovo Thinksystem Sr590
Lenovo Thinksystem Sr630
Lenovo Thinksystem Sr650
Lenovo Thinksystem St550
Lenovo Thinksystem St558
Lenovo XClarity Controller | <g1i312
Lenovo Thinksystem Sr670
Lenovo XClarity Controller | <psi328m
Lenovo Thinksystem Sr950

Remedy

Update LXCC to the version indicated for your product.


Frequently Asked Questions

  • What is the severity of CVE-2019-6187?

    The severity of CVE-2019-6187 is medium with a severity value of 6.5.

  • How does CVE-2019-6187 affect Lenovo XClarity Controller?

    CVE-2019-6187 affects Lenovo XClarity Controller by allowing an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields.

  • What is a CSV Injection vulnerability?

    A CSV Injection vulnerability is a type of security vulnerability that occurs when untrusted input is inserted into a CSV (Comma-Separated Values) file and a spreadsheet application later interprets that input as a formula when the file is opened, which can result in the execution of arbitrary commands or malicious code.

  • How can CVE-2019-6187 be fixed?

    To fix CVE-2019-6187, users should apply the necessary security patches provided by Lenovo.

  • Where can I find more information about CVE-2019-6187?

    More information about CVE-2019-6187 can be found on the Lenovo support website: https://support.lenovo.com/solutions/LEN-29118
