CVE-2022-26867
Published: 02 June 2022
Summary
CVE-2022-26867 is a medium-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Dell PowerStoreOS. Its CVSS base score is 5.9 (Medium).
Operationally, it is ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-31416
Vulnerability details
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.