CVE-2022-46408

MEDIUM Year: 2022
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.

Related Vulnerabilities

CVE-2019-20180

MEDIUM
CVSS:6.8(Medium)

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that...

CWE-12362019

CVE-2019-4071

MEDIUM
CVSS:6.8(Medium)

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper valida...

CWE-12362019

CVE-2020-4689

MEDIUM
CVSS:6.8(Medium)

IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceI...

CWE-12362020

CVE-2021-36334

MEDIUM
CVSS:6.8(Medium)

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code ex...

CWE-12362021

CVE-2021-37131

MEDIUM
CVSS:6.8(Medium)

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV ...

CWE-12362021