CVE-2019-14352 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Workflow 6.0.20

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, joget, CWE-1236

Summary

Joget Workflow 6.0.20 is affected by CSV Injection, also known as Formula Injection, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export format for spreadsheet applications.

Vulnerable Configurations

Part | Description | Count
Application | Joget | 1