All the vulnerabilites related to Lenovo - XClarity Administrator
var-201701-0353
Vulnerability from variot
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Lenovo XClarity Administrator is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to to gain elevated privileges. Versions prior to Lenovo XClarity Administrator 1.2.0 are vulnerable. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Attackers can use this vulnerability to log in to the LXCA system, download log files, and obtain temporary management passwords and access rights to the LXCA system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.1.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "1.1.1"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.2.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.2.0"
}
],
"sources": [
{
"db": "BID",
"id": "95417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8221"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95417"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8221",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8221",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-97041",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8221",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8221",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-307",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-97041",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97041"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Lenovo XClarity Administrator is prone to a privilege-escalation vulnerability. \nAn attacker can exploit this issue to to gain elevated privileges. \nVersions prior to Lenovo XClarity Administrator 1.2.0 are vulnerable. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Attackers can use this vulnerability to log in to the LXCA system, download log files, and obtain temporary management passwords and access rights to the LXCA system",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "BID",
"id": "95417"
},
{
"db": "VULHUB",
"id": "VHN-97041"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8221",
"trust": 2.8
},
{
"db": "BID",
"id": "95417",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97041",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97041"
},
{
"db": "BID",
"id": "95417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"id": "VAR-201701-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97041"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:26.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-10605",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len_10605"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66971"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97041"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/product_security/len_10605"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95417"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8221"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8221"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97041"
},
{
"db": "BID",
"id": "95417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97041"
},
{
"db": "BID",
"id": "95417"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97041"
},
{
"date": "2017-01-12T00:00:00",
"db": "BID",
"id": "95417"
},
{
"date": "2017-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"date": "2017-01-12T22:59:00.220000",
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-19T00:00:00",
"db": "VULHUB",
"id": "VHN-97041"
},
{
"date": "2017-01-23T04:05:00",
"db": "BID",
"id": "95417"
},
{
"date": "2017-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006940"
},
{
"date": "2017-01-19T15:59:54.550000",
"db": "NVD",
"id": "CVE-2016-8221"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006940"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-307"
}
],
"trust": 0.6
}
}
var-201909-0028
Vulnerability from variot
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0. A remote attacker could exploit this vulnerability to execute JavaScript code in the user's browser
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6180"
}
]
},
"cve": "CVE-2019-6180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6180",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-157615",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-6180",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6180",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6180",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-050",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157615",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user\u0027s web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0. A remote attacker could exploit this vulnerability to execute JavaScript code in the user\u0027s browser",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "VULHUB",
"id": "VHN-157615"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6180",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-27805",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-157615",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"id": "VAR-201909-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157615"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:19.177000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Lenovo XClarity Administrator",
"trust": 0.8,
"url": "https://www.lenovo.com/jp/ja/data-center/software/systems-management/xclarity/"
},
{
"title": "Lenovo XClarity Administrator Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97815"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/solutions/len-27805"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6180"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6180"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157615"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"date": "2019-09-03T19:15:10.710000",
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-157615"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008774"
},
{
"date": "2022-10-14T03:32:08.443000",
"db": "NVD",
"id": "CVE-2019-6180"
},
{
"date": "2019-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008774"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-050"
}
],
"trust": 0.6
}
}
var-201909-0029
Vulnerability from variot
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6181"
}
]
},
"cve": "CVE-2019-6181",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6181",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-157616",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-6181",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6181",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6181",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157616",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6181",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user\u0027s web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in versions earlier than Lenovo LXCA 2.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "VULMON",
"id": "CVE-2019-6181"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6181",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-27805",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-157616",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6181",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"id": "VAR-201909-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157616"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:19.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Lenovo XClarity Administrator",
"trust": 0.8,
"url": "https://www.lenovo.com/jp/ja/data-center/software/systems-management/xclarity/"
},
{
"title": "Lenovo XClarity Administrator Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97818"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.lenovo.com/solutions/len-27805"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6181"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6181"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27805"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157616"
},
{
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157616"
},
{
"date": "2019-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"date": "2019-09-03T19:15:10.773000",
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-157616"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6181"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008775"
},
{
"date": "2022-10-14T03:30:30.477000",
"db": "NVD",
"id": "CVE-2019-6181"
},
{
"date": "2019-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-053"
}
],
"trust": 0.6
}
}
var-201709-0672
Vulnerability from variot
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. LXCA Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). There is a privilege escalation vulnerability in versions earlier than Lenovo LXCA 1.3.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3770"
}
]
},
"cve": "CVE-2017-3770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-3770",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-111973",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3770",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3770",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-111973",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111973"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. LXCA Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). There is a privilege escalation vulnerability in versions earlier than Lenovo LXCA 1.3.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "VULHUB",
"id": "VHN-111973"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3770",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-16333",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111973",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111973"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"id": "VAR-201709-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111973"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:08.054000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-16333",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-16333"
},
{
"title": "Lenovo LXCA Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75101"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111973"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-16333"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3770"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3770"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111973"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111973"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-111973"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"date": "2017-09-22T14:29:00.243000",
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"date": "2017-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111973"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008378"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-3770"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LXCA Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008378"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1140"
}
],
"trust": 0.6
}
}
var-202102-0928
Vulnerability from variot
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted. Lenovo XClarity Administrator (LXCA) Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. There is a security vulnerability in Lenovo XClarity Administrator. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0928",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "3.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "3.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8355"
}
]
},
"cve": "CVE-2020-8355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-8355",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-186480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-016066",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8355",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2020-8355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-851",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186480",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186480"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted. Lenovo XClarity Administrator (LXCA) Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. There is a security vulnerability in Lenovo XClarity Administrator. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "VULHUB",
"id": "VHN-186480"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8355",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-50446",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186480",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186480"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"id": "VAR-202102-0928",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186480"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:16:33.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-50446",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-50446"
},
{
"title": "Lenovo Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142222"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186480"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-50446"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8355"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186480"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186480"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-186480"
},
{
"date": "2021-11-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"date": "2021-02-10T21:15:13.990000",
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-186480"
},
{
"date": "2021-11-04T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2020-016066"
},
{
"date": "2021-02-17T16:32:27.220000",
"db": "NVD",
"id": "CVE-2020-8355"
},
{
"date": "2021-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo\u00a0XClarity\u00a0Administrator\u00a0 Vulnerability in plaintext transmission of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016066"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-851"
}
],
"trust": 0.6
}
}
var-202002-0370
Vulnerability from variot
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.5.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.6.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.2.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6194"
}
]
},
"cve": "CVE-2019-6194",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014620",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157629",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6194",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6194",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014620",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157629",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "VULHUB",
"id": "VHN-157629"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6194",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-29477",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-09988",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-157629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"id": "VAR-202002-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157629"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:58:49.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-29477",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"title": "Lenovo XClarity Administrator Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109147"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6194"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6194"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-157629"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"date": "2020-02-14T17:15:13.143000",
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"date": "2020-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-157629"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014620"
},
{
"date": "2020-02-21T20:35:11.513000",
"db": "NVD",
"id": "CVE-2019-6194"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-812"
}
],
"trust": 0.6
}
}
var-201905-0018
Vulnerability from variot
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.4.0"
},
{
"model": "xclarity administrator",
"scope": "gte",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.0.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "2.0.0 to 2.3.x"
},
{
"model": "xclarity administrator",
"scope": "gte",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.0.0,\u003c=2.3.*"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.0"
},
{
"model": "xclarity administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo,Lenovo ?? ??",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6158",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-14825",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157593",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6158",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6158",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-14825",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-100",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157593",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "VULHUB",
"id": "VHN-157593"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6158",
"trust": 3.4
},
{
"db": "BID",
"id": "108165",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-26141",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14825",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43227",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157593",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"id": "VAR-201905-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
}
]
},
"last_update_date": "2023-12-18T12:56:33.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-26141",
"trust": 0.8,
"url": "https://support.lenovo.com/solutions/len-26141"
},
{
"title": "Patch for Lenovo XClarity Administrator Log Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161655"
},
{
"title": "Lenovo XClarity Administrator Repair measures for log information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92225"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108165"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/solutions/len-26141"
},
{
"trust": 1.5,
"url": "https://support.lenovo.com/us/en/solutions/len-26141"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6158"
},
{
"trust": 0.9,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6158"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6158"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43227"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157593"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108165"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"date": "2019-05-03T20:29:01.387000",
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"date": "2019-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-157593"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108165"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"date": "2019-10-09T23:51:12.153000",
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"date": "2019-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Log Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
}
}
var-201804-0505
Vulnerability from variot
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-12
https://security.gentoo.org/
Severity: Normal Title: OpenSLP: Multiple vulnerabilities Date: May 14, 2020 Bugs: #662878 ID: 202005-12
Synopsis
Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code.
Background
OpenSLP is an open-source implementation of Service Location Protocol (SLP).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openslp <= 2.0.0-r5 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Description
Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for OpenSLP. We recommend that users unmerge OpenSLP: # emerge --unmerge "net-libs/openslp"
NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued support at this time. It may be possible that a new Gentoo developer will update OpenSLP at a later date. No known alternatives to OpenSLP are in the tree at this time.
References
[ 1 ] CVE-2017-17833 https://nvd.nist.gov/vuln/detail/CVE-2017-17833 [ 2 ] CVE-2019-5544 https://nvd.nist.gov/vuln/detail/CVE-2019-5544
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3708-1 July 09, 2018
openslp-dfsg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
OpenSLP could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - openslp-dfsg: Service Location Protocol library
Details:
It was discovered that OpenSLP incorrectly handled certain memory operations.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.1
Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: openslp security update Advisory ID: RHSA-2018:2240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2240 Issue date: 2018-07-23 CVE Names: CVE-2017-17833 =====================================================================
- Summary:
An update for openslp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.
Security Fix(es):
- openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
ppc64: openslp-2.0.0-7.el7_5.ppc.rpm openslp-2.0.0-7.el7_5.ppc64.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-server-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
aarch64: openslp-2.0.0-7.el7_5.aarch64.rpm openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-server-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-devel-2.0.0-7.el7_5.ppc.rpm openslp-devel-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-devel-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-17833 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/cve/CVE-2017-17833
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY hW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx IXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs T6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu 5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO nouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT 743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm /Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr oxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca tehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8 XHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh GSs8CyxuJUo= =aDcY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.0.2"
},
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "flex system fc3171 8gb san switch",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "9.1.13.02.00"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "thinkserver rd650",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinksystem hr630x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm1",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.55"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd440",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd540",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "cmm",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.8.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver td340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "46.00"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "bm nextscale fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "24p-2.15"
},
{
"model": "thinkserver rs160",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm2",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.70"
},
{
"model": "thinkserver td350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "30r-1.13"
},
{
"model": "thinkserver sd350",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd350g",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "thinksystem hr650x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rq750",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinksystem sr630",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "storage n4610",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "storage n3310",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd640",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd450",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.0.20"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.1"
},
{
"model": "thinkserver ts460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver sr630",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rs160",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rq750",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd640",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd340",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr650x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr630x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd650",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd550",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd450",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rs160",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rq750",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinkserver rd650",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd640",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd540",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd450",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd440",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd350",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd340",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
}
],
"sources": [
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr630x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr630x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr650x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr650x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:flex_system_fc3171_8gb_san_switch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.13.02.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:flex_system_fc3171_8gb_san_switch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n3310_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n3310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n4610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n4610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:cmm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:bm_nextscale_fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "24p-2.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "30r-1.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.55",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd540_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rq750_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rq750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rs160_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rs160:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_sd350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_sd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "46.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_ts460_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_ts460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"cve": "CVE-2017-17833",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-108895",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17833",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108895",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. \nAn attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. \nOpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSLP: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #662878\n ID: 202005-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSLP, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenSLP is an open-source implementation of Service Location Protocol\n(SLP). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openslp \u003c= 2.0.0-r5 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSLP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for OpenSLP. We recommend that users\nunmerge OpenSLP:\n # emerge --unmerge \"net-libs/openslp\"\n\nNOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued\nsupport at this time. It may be possible that a new Gentoo developer\nwill update OpenSLP at a later date. No known alternatives to OpenSLP\nare in the tree at this time. \n\nReferences\n==========\n\n[ 1 ] CVE-2017-17833\n https://nvd.nist.gov/vuln/detail/CVE-2017-17833\n[ 2 ] CVE-2019-5544\n https://nvd.nist.gov/vuln/detail/CVE-2019-5544\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3708-1\nJuly 09, 2018\n\nopenslp-dfsg vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nOpenSLP could be made to crash or run programs if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- openslp-dfsg: Service Location Protocol library\n\nDetails:\n\nIt was discovered that OpenSLP incorrectly handled certain memory\noperations. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libslp1 1.2.1-11ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n libslp1 1.2.1-9ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openslp security update\nAdvisory ID: RHSA-2018:2240-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2240\nIssue date: 2018-07-23\nCVE Names: CVE-2017-17833 \n=====================================================================\n\n1. Summary:\n\nAn update for openslp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSLP is an open source implementation of the Service Location Protocol\n(SLP) which is an Internet Engineering Task Force (IETF) standards track\nprotocol and provides a framework to allow networking applications to\ndiscover the existence, location, and configuration of networked services\nin enterprise networks. \n\nSecurity Fix(es):\n\n* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of\nservice or potentially code execution (CVE-2017-17833)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nppc64:\nopenslp-2.0.0-7.el7_5.ppc.rpm\nopenslp-2.0.0-7.el7_5.ppc64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\naarch64:\nopenslp-2.0.0-7.el7_5.aarch64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-server-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-devel-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-17833\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/cve/CVE-2017-17833\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY\nhW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx\nIXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs\nT6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu\n5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO\nnouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT\n743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm\n/Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr\noxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca\ntehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8\nXHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh\nGSs8CyxuJUo=\n=aDcY\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17833",
"trust": 3.2
},
{
"db": "LENOVO",
"id": "LEN-18247",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "157725",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4580",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0570",
"trust": 0.6
},
{
"db": "BID",
"id": "104577",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "148646",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148456",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-108895",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"id": "VAR-201804-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
}
],
"trust": 0.775
},
"last_update_date": "2023-12-18T11:45:27.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1364-1] openslp-dfsg security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"title": "Lenovo fix for slpd crash during testing: bad pointer after realloc.",
"trust": 0.8,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"trust": 2.0,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2240"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2308"
},
{
"trust": 1.7,
"url": "http://support.lenovo.com/us/en/solutions/len-18247"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17833"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17833"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157725/gentoo-linux-security-advisory-202005-12.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10957097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4580/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10956531"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76030"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-17833"
},
{
"trust": 0.3,
"url": "http://www.openslp.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572166"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/len-18247"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5544"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-9ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3708-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T14:53:11",
"db": "PACKETSTORM",
"id": "157725"
},
{
"date": "2018-07-09T23:38:59",
"db": "PACKETSTORM",
"id": "148456"
},
{
"date": "2018-08-03T22:22:22",
"db": "PACKETSTORM",
"id": "148819"
},
{
"date": "2018-07-24T17:33:30",
"db": "PACKETSTORM",
"id": "148646"
},
{
"date": "2018-04-23T18:29:00.663000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T00:15:11.443000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2020-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.6
}
}
var-202003-1772
Vulnerability from variot
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. Lenovo XClarity Administrator (LXCA) Exists in a vulnerability related to information leakage from log files.Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.6.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19756"
}
]
},
"cve": "CVE-2019-19756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014954",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-152234",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014954",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19756",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-19756",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014954",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-521",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152234",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. Lenovo XClarity Administrator (LXCA) Exists in a vulnerability related to information leakage from log files.Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "VULHUB",
"id": "VHN-152234"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19756",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-29942",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-19571",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-152234",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"id": "VAR-202003-1772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152234"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:27:36.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-29942",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-29942"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112230"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-29942"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19756"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19756"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152234"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-152234"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"date": "2020-03-13T16:15:11.970000",
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-152234"
},
{
"date": "2020-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014954"
},
{
"date": "2021-11-02T19:16:30.403000",
"db": "NVD",
"id": "CVE-2019-19756"
},
{
"date": "2022-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerability regarding information leakage from log files in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014954"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-521"
}
],
"trust": 0.6
}
}
var-201909-0030
Vulnerability from variot
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains an injection vulnerability.Information may be tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a CSV injection vulnerability in versions earlier than Lenovo LXCA 2.5.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6182"
}
]
},
"cve": "CVE-2019-6182",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6182",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-157617",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6182",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6182",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6182",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-052",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157617",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Contains an injection vulnerability.Information may be tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a CSV injection vulnerability in versions earlier than Lenovo LXCA 2.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "VULHUB",
"id": "VHN-157617"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6182",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-27805",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-157617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"id": "VAR-201909-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157617"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:19.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-27805",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-27805"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=97817"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1236",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/solutions/len-27805"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6182"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6182"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157617"
},
{
"date": "2019-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"date": "2019-09-03T19:15:10.837000",
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-157617"
},
{
"date": "2019-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"date": "2022-10-14T03:20:44.237000",
"db": "NVD",
"id": "CVE-2019-6182"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008960"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-052"
}
],
"trust": 0.6
}
}
var-202002-0478
Vulnerability from variot
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.5.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.6.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.2.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19757"
}
]
},
"cve": "CVE-2019-19757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014621",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-152235",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-014621",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-19757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014621",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-808",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152235",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user\u0027s web browser if a specially crafted link is visited. The JavaScript code is executed on the user\u0027s system, not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "VULHUB",
"id": "VHN-152235"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19757",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-29477",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-09985",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-152235",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"id": "VAR-202002-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152235"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:58:49.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-29477",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"title": "Lenovo XClarity Administrator Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109143"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19757"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19757"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-152235"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"date": "2020-02-14T17:15:11.847000",
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"date": "2020-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-152235"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014621"
},
{
"date": "2020-02-24T17:53:03.400000",
"db": "NVD",
"id": "CVE-2019-19757"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014621"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-808"
}
],
"trust": 0.6
}
}
var-201807-1681
Vulnerability from variot
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9066"
}
]
},
"cve": "CVE-2018-9066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-9066",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-139098",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9066",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9066",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1975",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139098",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA\u0027s underlying operating system. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "VULHUB",
"id": "VHN-139098"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9066",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-22168",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139098",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"id": "VAR-201807-1681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139098"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:37.331000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-22168",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-22168"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82712"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-22168"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9066"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9066"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-139098"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"date": "2018-07-30T16:29:00.423000",
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"date": "2018-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139098"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008819"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-9066"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo xClarity Administrator Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008819"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1975"
}
],
"trust": 0.6
}
}
var-201711-0397
Vulnerability from variot
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. Lenovo XClarity Administrator (LXCA) Contains an information disclosure vulnerability.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.4.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3764"
}
]
},
"cve": "CVE-2017-3764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-3764",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-111967",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-3764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3764",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1197",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111967",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111967"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. Lenovo XClarity Administrator (LXCA) Contains an information disclosure vulnerability.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.4.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "VULHUB",
"id": "VHN-111967"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3764",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-16335",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111967",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111967"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"id": "VAR-201711-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111967"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:06.268000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-16335",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-16335"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76816"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111967"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-16335"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3764"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3764"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111967"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111967"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-111967"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"date": "2017-11-30T19:29:00.193000",
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111967"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011078"
},
{
"date": "2017-12-20T19:04:30.500000",
"db": "NVD",
"id": "CVE-2017-3764"
},
{
"date": "2017-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011078"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1197"
}
],
"trust": 0.6
}
}
var-201703-0202
Vulnerability from variot
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. An information disclosure vulnerability exists in versions prior to Lenovo LXCA 1.2.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.1.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.2.0"
},
{
"model": "xclarity administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.2.2"
}
],
"sources": [
{
"db": "BID",
"id": "95992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo",
"sources": [
{
"db": "BID",
"id": "95992"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8233",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97053",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8233",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8233",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-211",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97053",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. An information disclosure vulnerability exists in versions prior to Lenovo LXCA 1.2.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "BID",
"id": "95992"
},
{
"db": "VULHUB",
"id": "VHN-97053"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8233",
"trust": 2.8
},
{
"db": "LENOVO",
"id": "LEN-11635",
"trust": 2.0
},
{
"db": "BID",
"id": "95992",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97053",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97053"
},
{
"db": "BID",
"id": "95992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"id": "VAR-201703-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97053"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:19.090000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-11635",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-11635"
},
{
"title": "Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67515"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/product_security/len-11635"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/95992"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8233"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8233"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97053"
},
{
"db": "BID",
"id": "95992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97053"
},
{
"db": "BID",
"id": "95992"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-97053"
},
{
"date": "2017-02-02T00:00:00",
"db": "BID",
"id": "95992"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"date": "2017-03-01T22:59:00.170000",
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"date": "2017-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-97053"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "95992"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007813"
},
{
"date": "2017-03-03T02:59:00.843000",
"db": "NVD",
"id": "CVE-2016-8233"
},
{
"date": "2017-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerabilities in which user credentials are viewed in log files generated by",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-211"
}
],
"trust": 0.6
}
}
var-201706-0356
Vulnerability from variot
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. Lenovo XClarity Administrator (LXCA) Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.3.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.3.0"
},
{
"model": "xclarity administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.3"
}
],
"sources": [
{
"db": "BID",
"id": "99347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3745"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo",
"sources": [
{
"db": "BID",
"id": "99347"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3745",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-3745",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-111948",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3745",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3745",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-790",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-111948",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA\u0027s internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. Lenovo XClarity Administrator (LXCA) Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.3.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "BID",
"id": "99347"
},
{
"db": "VULHUB",
"id": "VHN-111948"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3745",
"trust": 2.8
},
{
"db": "LENOVO",
"id": "LEN-13671",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790",
"trust": 0.7
},
{
"db": "BID",
"id": "99347",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-111948",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111948"
},
{
"db": "BID",
"id": "99347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"id": "VAR-201706-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111948"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:38:59.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-13671",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-13671"
},
{
"title": "Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71074"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/product_security/len-13671"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3745"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3745"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111948"
},
{
"db": "BID",
"id": "99347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111948"
},
{
"db": "BID",
"id": "99347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111948"
},
{
"date": "2017-06-19T00:00:00",
"db": "BID",
"id": "99347"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"date": "2017-06-20T00:29:00.360000",
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"date": "2017-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-111948"
},
{
"date": "2017-06-19T00:00:00",
"db": "BID",
"id": "99347"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005067"
},
{
"date": "2017-06-30T17:10:47.390000",
"db": "NVD",
"id": "CVE-2017-3745"
},
{
"date": "2017-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-790"
}
],
"trust": 0.6
}
}
var-202002-0369
Vulnerability from variot
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. Lenovo XClarity Administrator (LXCA) There is an information leakage vulnerability in.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0369",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "2.6.6"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.5.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6193"
}
]
},
"cve": "CVE-2019-6193",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014619",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157628",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014619",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6193",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6193",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014619",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157628",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. Lenovo XClarity Administrator (LXCA) There is an information leakage vulnerability in.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "VULHUB",
"id": "VHN-157628"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6193",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-29477",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-09986",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-157628",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"id": "VAR-202002-0369",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157628"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:58:49.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-29477",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"title": "Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110530"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-29477"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6193"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6193"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-157628"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"date": "2020-02-14T17:15:13.003000",
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"date": "2020-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-157628"
},
{
"date": "2020-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014619"
},
{
"date": "2020-02-24T17:39:34.003000",
"db": "NVD",
"id": "CVE-2019-6193"
},
{
"date": "2020-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014619"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-809"
}
],
"trust": 0.6
}
}
var-201807-1680
Vulnerability from variot
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1680",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9065"
}
]
},
"cve": "CVE-2018-9065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-9065",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-139097",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9065",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9065",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1976",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139097",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "VULHUB",
"id": "VHN-139097"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9065",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-22168",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139097",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"id": "VAR-201807-1680",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139097"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:37.382000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-22168",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-22168"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-22168"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9065"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9065"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139097"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-139097"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"date": "2018-07-30T16:29:00.377000",
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"date": "2018-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139097"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008818"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-9065"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo xClarity Administrator Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008818"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1976"
}
],
"trust": 0.6
}
}
var-201709-0671
Vulnerability from variot
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. LXCA Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). A security vulnerability exists in versions prior to Lenovo LXCA 1.3.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0671",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3763"
}
]
},
"cve": "CVE-2017-3763",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-3763",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-111966",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3763",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111966",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. LXCA Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). A security vulnerability exists in versions prior to Lenovo LXCA 1.3.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "VULHUB",
"id": "VHN-111966"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3763",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-16333",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111966",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"id": "VAR-201709-0671",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111966"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:08.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-16333",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-16333"
},
{
"title": "Lenovo LXCA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75102"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-16333"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3763"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3763"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111966"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-111966"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"date": "2017-09-22T14:29:00.197000",
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"date": "2017-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111966"
},
{
"date": "2017-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008377"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-3763"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LXCA Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008377"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1141"
}
],
"trust": 0.6
}
}
var-201807-1679
Vulnerability from variot
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1679",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.0.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.1"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.3.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9064"
}
]
},
"cve": "CVE-2018-9064",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-9064",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-139096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9064",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9064",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1977",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "VULHUB",
"id": "VHN-139096"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9064",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-22168",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139096",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"id": "VAR-201807-1679",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139096"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:37.354000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-22168",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-22168"
},
{
"title": "Lenovo XClarity Administrator Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82714"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-22168"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9064"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9064"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-139096"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"date": "2018-07-30T16:29:00.313000",
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"date": "2018-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139096"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008817"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-9064"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo xClarity Administrator Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1977"
}
],
"trust": 0.6
}
}
var-201909-0027
Vulnerability from variot
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Security vulnerabilities exist in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter. An attacker could exploit this vulnerability to disclose information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.8,
"vendor": "lenovo",
"version": "2.5.0"
},
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "7.7.0"
},
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "6.1.0"
},
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "for microsoft system center 7.7.0"
},
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "for vmware vcenter 6.1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
"cpe_name": [],
"versionEndExcluding": "7.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6179"
}
]
},
"cve": "CVE-2019-6179",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6179",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6179",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6179",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6179",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-048",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157614",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157614"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Security vulnerabilities exist in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter. An attacker could exploit this vulnerability to disclose information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "VULHUB",
"id": "VHN-157614"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6179",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-27805",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-157614",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157614"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"id": "VAR-201909-0027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157614"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:19.154000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-27805",
"trust": 0.8,
"url": "https://support.lenovo.com/solutions/len-27805"
},
{
"title": "Lenovo XClarity Administrator , Lenovo XClarity Integrator for Microsoft System Center and Lenovo XClarity Integrator for VMWare vCenter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97813"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157614"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/solutions/len-27805"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6179"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6179"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157614"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157614"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157614"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"date": "2019-09-03T19:15:10.647000",
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"date": "2019-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-157614"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008883"
},
{
"date": "2022-10-14T03:34:11.513000",
"db": "NVD",
"id": "CVE-2019-6179"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator and Lenovo XClarity Integrator In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008883"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-048"
}
],
"trust": 0.6
}
}
cve-2023-4605
Vulnerability from cvelistv5
Published
2024-04-05 20:44
Modified
2024-08-12 18:32
Severity ?
EPSS score ?
Summary
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: < 3.6.28 Version: < 4.0.24 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-136592"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xclarity_administrator",
"vendor": "lenovo",
"versions": [
{
"lessThan": "3.6.28",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.0.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T18:31:01.718256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T18:32:28.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Administrator",
"vendor": "Lenovo ",
"versions": [
{
"lessThan": "3.6.28",
"status": "affected",
"version": " ",
"versionType": "custom"
},
{
"lessThan": "4.0.24",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.\u003c/span\u003e\n\n"
}
],
"value": "\nA valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T20:44:43.105Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-136592"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eUpdate to the Lenovo XClarity Administrator (LXCA) version (or higher) as recommended in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-136592\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-136592\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFollow general security best practices, such as limiting access to only trusted users within the environment. \u003c/p\u003e\u003cp\u003eOnly grant LXCA remote console/mount privileges to trusted administrative users.\u003c/p\u003e"
}
],
"value": "\nUpdate to the Lenovo XClarity Administrator (LXCA) version (or higher) as recommended in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-136592 \n\nFollow general security best practices, such as limiting access to only trusted users within the environment. \n\nOnly grant LXCA remote console/mount privileges to trusted administrative users.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4605",
"datePublished": "2024-04-05T20:44:43.105Z",
"dateReserved": "2023-08-29T15:54:52.890Z",
"dateUpdated": "2024-08-12T18:32:28.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45102
Vulnerability from cvelistv5
Published
2025-01-14 21:18
Modified
2025-01-14 21:18
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: 0 < 4.1 |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Administrator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.\u003c/span\u003e"
}
],
"value": "A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T21:18:25.798Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-154748\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-154748\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-45102",
"datePublished": "2025-01-14T21:18:25.798Z",
"dateReserved": "2024-08-21T19:24:36.785Z",
"dateUpdated": "2025-01-14T21:18:25.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8355
Vulnerability from cvelistv5
Published
2021-02-10 21:05
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-50446 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: unspecified < 3.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-50446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Administrator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T21:05:16",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-50446"
}
],
"solutions": [
{
"lang": "en",
"value": "Update your LXCA installation to version 3.1.0 or later."
}
],
"source": {
"advisory": "LEN-50446",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2021-02-10T20:44:00.000Z",
"ID": "CVE-2020-8355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Administrator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.1.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-50446",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-50446"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update your LXCA installation to version 3.1.0 or later."
}
],
"source": {
"advisory": "LEN-50446",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8355",
"datePublished": "2021-02-10T21:05:16.262941Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T01:56:10.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45103
Vulnerability from cvelistv5
Published
2024-09-13 17:28
Modified
2024-09-13 17:49
Severity ?
EPSS score ?
Summary
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: 0 < 4.1 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:49:04.635623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:49:12.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Administrator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.\u003c/span\u003e"
}
],
"value": "A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282: Improper Ownership Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:28:26.004Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-154748\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-154748\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-45103",
"datePublished": "2024-09-13T17:28:26.004Z",
"dateReserved": "2024-08-21T19:24:36.785Z",
"dateUpdated": "2024-09-13T17:49:12.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45101
Vulnerability from cvelistv5
Published
2024-09-13 17:27
Modified
2024-09-13 17:50
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: 0 < 4.1 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "xclarity_administrator",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:49:37.744521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:50:38.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Administrator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user\u2019s XCC session if they can convince the user to click on a specially crafted URL.\u003c/span\u003e"
}
],
"value": "A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user\u2019s XCC session if they can convince the user to click on a specially crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:27:56.092Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-154748\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-154748\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-45101",
"datePublished": "2024-09-13T17:27:56.092Z",
"dateReserved": "2024-08-21T19:24:36.785Z",
"dateUpdated": "2024-09-13T17:50:38.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45104
Vulnerability from cvelistv5
Published
2024-09-13 17:28
Modified
2024-09-13 17:48
Severity ?
EPSS score ?
Summary
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator |
Version: 0 < 4.1 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:48:37.787532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:48:48.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Administrator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.\u003c/span\u003e"
}
],
"value": "A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282: Improper Ownership Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:28:55.910Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-154748\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-154748\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-45104",
"datePublished": "2024-09-13T17:28:55.910Z",
"dateReserved": "2024-08-21T19:24:36.785Z",
"dateUpdated": "2024-09-13T17:48:48.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}