Vulnerability Details CVE-2019-12134
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-12134
-
cpe:2.3:a:workday:workday:10
-
cpe:2.3:a:workday:workday:11
-
cpe:2.3:a:workday:workday:12
-
cpe:2.3:a:workday:workday:13
-
cpe:2.3:a:workday:workday:14
-
cpe:2.3:a:workday:workday:15
-
cpe:2.3:a:workday:workday:16
-
cpe:2.3:a:workday:workday:17
-
cpe:2.3:a:workday:workday:18
-
cpe:2.3:a:workday:workday:19
-
cpe:2.3:a:workday:workday:20
-
cpe:2.3:a:workday:workday:21.0
-
cpe:2.3:a:workday:workday:21.1
-
cpe:2.3:a:workday:workday:22.0
-
cpe:2.3:a:workday:workday:22.1
-
cpe:2.3:a:workday:workday:23.0
-
cpe:2.3:a:workday:workday:23.1
-
cpe:2.3:a:workday:workday:23.2
-
cpe:2.3:a:workday:workday:24.0
-
cpe:2.3:a:workday:workday:24.1
-
cpe:2.3:a:workday:workday:24.2
-
cpe:2.3:a:workday:workday:25.0
-
cpe:2.3:a:workday:workday:25.1
-
cpe:2.3:a:workday:workday:25.2
-
cpe:2.3:a:workday:workday:26.0
-
cpe:2.3:a:workday:workday:26.1
-
cpe:2.3:a:workday:workday:26.2
-
cpe:2.3:a:workday:workday:27.0
-
cpe:2.3:a:workday:workday:27.1
-
cpe:2.3:a:workday:workday:27.2
-
cpe:2.3:a:workday:workday:28.0
-
cpe:2.3:a:workday:workday:28.1
-
cpe:2.3:a:workday:workday:28.2
-
cpe:2.3:a:workday:workday:29.0
-
cpe:2.3:a:workday:workday:29.1
-
cpe:2.3:a:workday:workday:29.2
-
cpe:2.3:a:workday:workday:30.0
-
cpe:2.3:a:workday:workday:30.1
-
cpe:2.3:a:workday:workday:30.2
-
cpe:2.3:a:workday:workday:31.0
-
cpe:2.3:a:workday:workday:31.1
-
cpe:2.3:a:workday:workday:31.2
-
cpe:2.3:a:workday:workday:32.0
-
cpe:2.3:a:workday:workday:9