CVE-2021-37131

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Related Vulnerabilities

CVE-2019-20180

MEDIUM
CVSS:6.8(Medium)

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that...

CWE-12362019

CVE-2019-4071

MEDIUM
CVSS:6.8(Medium)

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper valida...

CWE-12362019

CVE-2020-4689

MEDIUM
CVSS:6.8(Medium)

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceI...

CWE-12362020

CVE-2021-36334

MEDIUM
CVSS:6.8(Medium)

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code ex...

CWE-12362021

CVE-2022-46408

MEDIUM
CVSS:6.8(Medium)

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File c...

CWE-12362022