All the vulnerabilites related to lenovo - xclarity_controller
Vulnerability from fkie_nvd
Published
2022-05-18 16:15
Modified
2024-11-21 06:23
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1749A9CB-1719-4CC8-8476-D06D99BB2A2F",
"versionEndExcluding": "7.22_cdi382o",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFD8C5A-D9E0-4EFF-92A3-17A6DBE7D155",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1520-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DD614-F500-4FFB-8FD4-D2B284FE5E55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D33A804F-C94C-4A6C-AA84-957834680652",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx2320-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DECFCE59-8456-47A3-8A8E-989813E37674",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E515C4-D2F2-4A71-9A9C-70A80477352A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3EBE9-34C1-45CA-A800-B313110409DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E6A2F7-7EC0-46E1-A973-2172B076E883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8126219-A07C-42A6-9553-B6AE499DB6BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57D7A545-BE29-4F0B-AC77-8E6DE955CA5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D354C3-0183-42D9-97D0-C9888B023195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0DDCC8-46B7-43FA-8A4A-BCE8AB7F8480",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5520-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB95DEC-D622-4AD7-AC69-077A94BD752C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5521:-:*:*:*:*:*:*:*",
"matchCriteriaId": "924C1B4B-6E97-4942-8000-BB59860913EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5521-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5788FFBD-69B4-4FB6-A2D2-4C6BA6CCE769",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16776C5F-CCAF-4F22-B570-FE49A0B73FF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7521:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F350D6FE-7BE1-46C9-B1A6-4EE0AF8BCB55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx2320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7500A0-B95E-4E16-B532-28C139C94AF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8B3E93-970D-4B49-B5A6-6BFAC45BAAC4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx3520-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72422C47-0027-4B4E-9C82-78FE8A8A6D75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704A1043-7626-412C-8666-9088B3AA1147",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx7320_n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "435794D6-7773-4D93-96E2-7269EB863A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E25483F5-F222-42AF-ACA4-580CD2965C55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx7520_n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C923CF1-EB97-431F-9D85-0CB5C921A040",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D47FCAA7-B33F-4F00-85BA-AA8ED4790572",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE27586B-1CC9-42A3-B763-93972E204A6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr665:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE69184-CA94-4A27-AFF2-3B1B81D25CBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6975F7A6-DBC8-42D4-B067-E397FD978F3E",
"versionEndExcluding": "2.32_psi342n",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2540A2-1462-42F7-949C-9881544DE684",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E153D62-9443-4F52-BA47-5C2704E05BC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B0407D-D603-48AE-9A42-F4C68056E19D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3658E6-8820-45E5-8357-7A9EB564553A",
"versionEndExcluding": "3.41_tei382m",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx1021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C24F4237-BD63-4A87-B44A-970871642E27",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_se350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4B877C-8D19-4AD2-948D-ADBD9B1BEEED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97D0E172-D188-4293-BD6D-94128304F07E",
"versionEndExcluding": "4.83_tei3c0n",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1FF5D0-CC08-42B0-9798-55ED911B3EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F17BC4-421A-453D-B933-97AA7BBED79E",
"versionEndExcluding": "1.51_tgbt24l",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95893E4E-6850-4C53-A5D6-12C3B9BB0E92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F9CC8A-CCFA-4499-A2C8-6251EF43968D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad de elusi\u00f3n de autenticaci\u00f3n de solo lectura en la versi\u00f3n del tercer trimestre de 2021 del firmware de Lenovo XClarity Controller (XCC) que afecta a los dispositivos XCC configurados en el modo de solo autenticaci\u00f3n LDAP y que usan un servidor LDAP que admite \u20ac\u0153unauthenticated bind\u00e2\u20ac?, como Microsoft Active Directory. Un usuario no autenticado puede conseguir acceso de s\u00f3lo lectura al XCC en dicha configuraci\u00f3n, lo que permite visualizar la configuraci\u00f3n del dispositivo XCC pero no modificarla. Los dispositivos XCC configurados para usar la autenticaci\u00f3n local, el modo de autenticaci\u00f3n + autorizaci\u00f3n LDAP o los servidores LDAP que s\u00f3lo admiten la \"vinculaci\u00f3n autenticada\" y/o la \"vinculaci\u00f3n an\u00f3nima\" no est\u00e1n afectados"
}
],
"id": "CVE-2021-3956",
"lastModified": "2024-11-21T06:23:13.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T16:15:08.063",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-20 02:15
Modified
2024-11-21 04:46
Severity ?
Summary
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-29118 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-29118 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEA7654-0593-4CEA-9040-078D4801C871",
"versionEndExcluding": "tei392m",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7x82:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C022FCB-ECB4-4E33-84E9-28E97AF1C21F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1B8C35-DF16-4D29-AF9E-01339AC9BED4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99BA98D3-E3A9-49A0-9B0E-967B9126675B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y88:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D51EBEBE-ADB7-48C3-9848-E3203333F2FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y92:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E914E260-382D-4CD0-BCE1-D960DAA30E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z03:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8279AC5-03B1-44D6-8C9B-989F2C281641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1FF5D0-CC08-42B0-9798-55ED911B3EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C03E8D97-6337-4E22-8125-8CED65281D5C",
"versionEndExcluding": "cdi340m",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7d1h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCA03A8-09C3-47A3-9715-D869B848771B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7x83:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D84E8645-BDEA-4DBD-972B-FFEEBD6EEA85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D9ADA-4F3C-43A6-902F-E6626BC692F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB46A9B-16D9-4D4C-9BE1-813452C51C11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DAB6CE-B360-489B-93DF-F98C4DE85DFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y93:-:*:*:*:*:*:*:*",
"matchCriteriaId": "634E0104-AD3D-48A3-B0E0-A74C15FAACC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7y94:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B0F1CD-A017-4C20-AEB9-F80BA7FF304B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z04:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871F4EE6-3E47-499E-9650-47AB35EBBD9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z05:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D7C95C-F43D-4A1A-BD8B-5F40D8003477",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z06:-:*:*:*:*:*:*:*",
"matchCriteriaId": "792A1744-DFC1-420D-BFD5-60AE54DA54CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z07:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F814B1C-E4E4-48BA-92C4-39B7997B51F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_7z20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40516AAC-4F19-4AE8-9C0B-0697D36FB0F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_yx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6876F1AA-3196-4576-B8F4-202266DA64EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93ED5C3-F8AF-4793-8CD5-2795EDE1CC04",
"versionEndExcluding": "g1i312",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:_thinksystem_sr670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "158A1ED4-96CD-4F8B-B607-6AC5AF12E057",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB970505-71D1-4802-8D9F-6D81A4024470",
"versionEndExcluding": "psi328m",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B0407D-D603-48AE-9A42-F4C68056E19D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server."
},
{
"lang": "es",
"value": "Se report\u00f3 una vulnerabilidad de inyecci\u00f3n CSV almacenada en Lenovo XClarity Controller (XCC) lo que podr\u00eda permitir a un usuario administrativo u otro usuario con permiso apropiado almacenar datos malformados en determinados campos informativos del servidor de XCC, que podr\u00eda resultar en que las f\u00f3rmulas especialmente dise\u00f1adas sean almacenadas en un archivo CSV exportado. La f\u00f3rmula especialmente dise\u00f1ada no es ejecutada en XCC y no tiene ning\u00fan efecto en el servidor."
}
],
"id": "CVE-2019-6187",
"lastModified": "2024-11-21T04:46:07.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T02:15:10.787",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-29118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-29118"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-14 17:15
Modified
2024-11-21 04:46
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE",
"versionEndExcluding": "3.01_tei392o",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E",
"versionEndExcluding": "3.08_cdi340v",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3",
"versionEndExcluding": "1.71_psi328n",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
},
{
"lang": "es",
"value": "Se presenta una omisi\u00f3n de autorizaci\u00f3n en Lenovo XClarity Controller (XCC) versiones anteriores a 3.08 CDI340V, versi\u00f3n 3.01 TEI392O, versi\u00f3n 1.71 PSI328N, donde un usuario autenticado v\u00e1lido con privilegios menores puede tener acceso de solo de lectura a informaci\u00f3n con privilegios superiores si 1) \"LDAP Authentication Only with Local Authorization\u201d es configurado y utilizado por XCC, y 2) un usuario con menos privilegios inicia sesi\u00f3n en XCC dentro de 1 minuto despu\u00e9s de que un usuario con mayor privilegio cierre sesi\u00f3n. La omisi\u00f3n de autorizaci\u00f3n no se presenta cuando los modos \u201cLocal Authentication and Authorization\u201d o \u201cLDAP Authentication and Authorization\u201d son configurados y utilizados por XCC."
}
],
"id": "CVE-2019-6195",
"lastModified": "2024-11-21T04:46:09.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-14T17:15:13.223",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-13 21:15
Modified
2024-11-21 06:21
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:6.00_cdi370q:*:*:*:*:*:*:*",
"matchCriteriaId": "78EECA5F-3439-4E53-AD24-1E93F215E2C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx2320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "562D18F3-5241-4B0B-AC5A-093795AE057B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3EBE9-34C1-45CA-A800-B313110409DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8126219-A07C-42A6-9553-B6AE499DB6BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D354C3-0183-42D9-97D0-C9888B023195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C38326D-97DD-4A6B-985F-968570528C19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16776C5F-CCAF-4F22-B570-FE49A0B73FF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2540A2-1462-42F7-949C-9881544DE684",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_certified_nodes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39169F30-ACE5-48EC-9D51-34C8F52D33C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61CA8EA-F59F-4BB3-963A-163FE450A052",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663D3BA7-F1A9-4EC5-8D31-0FC9AEEF337E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_dense:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E560B9E-CF34-42F5-83E3-21F50E459EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:1.10_tgbt12q:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5151FA-DA37-475F-A748-DBDCE8EC14EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx2320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "562D18F3-5241-4B0B-AC5A-093795AE057B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3EBE9-34C1-45CA-A800-B313110409DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8126219-A07C-42A6-9553-B6AE499DB6BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D354C3-0183-42D9-97D0-C9888B023195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C38326D-97DD-4A6B-985F-968570528C19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16776C5F-CCAF-4F22-B570-FE49A0B73FF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2540A2-1462-42F7-949C-9881544DE684",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_certified_nodes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39169F30-ACE5-48EC-9D51-34C8F52D33C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0E5EF6-2664-4DEC-BD90-BF3128DC9DA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61CA8EA-F59F-4BB3-963A-163FE450A052",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663D3BA7-F1A9-4EC5-8D31-0FC9AEEF337E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_dense:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E560B9E-CF34-42F5-83E3-21F50E459EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_se350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4B877C-8D19-4AD2-948D-ADBD9B1BEEED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1664DE-A6AE-4365-A652-80CEFECB62DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A833BF2-DD7B-4A09-AAB8-14C0C7C5DE10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:2.14_psi338i:*:*:*:*:*:*:*",
"matchCriteriaId": "C1225B77-7799-4365-8BF2-FE61404F4BA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B0407D-D603-48AE-9A42-F4C68056E19D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:4.40_tei3b2p:*:*:*:*:*:*:*",
"matchCriteriaId": "77357A60-44C5-4988-926A-470F54F0FA70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx2320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "562D18F3-5241-4B0B-AC5A-093795AE057B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3EBE9-34C1-45CA-A800-B313110409DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8126219-A07C-42A6-9553-B6AE499DB6BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D354C3-0183-42D9-97D0-C9888B023195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx3720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C38326D-97DD-4A6B-985F-968570528C19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16776C5F-CCAF-4F22-B570-FE49A0B73FF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2540A2-1462-42F7-949C-9881544DE684",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61CA8EA-F59F-4BB3-963A-163FE450A052",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663D3BA7-F1A9-4EC5-8D31-0FC9AEEF337E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_dense:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E560B9E-CF34-42F5-83E3-21F50E459EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1FF5D0-CC08-42B0-9798-55ED911B3EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC."
},
{
"lang": "es",
"value": "Una auditor\u00eda interna de seguridad del producto de Lenovo XClarity Controller (XCC) detect\u00f3 que la contrase\u00f1a de copia de seguridad y restauraci\u00f3n de la configuraci\u00f3n de XCC puede ser escrita en un b\u00fafer de registro interno de XCC si Lenovo XClarity Administrator (LXCA) es usada para llevar a cabo la copia de seguridad y restauraci\u00f3n.\u0026#xa0;La contrase\u00f1a de copia de seguridad y restauraci\u00f3n normalmente se presenta en este b\u00fafer de registro interno durante menos de 10 minutos antes ser sobrescrito.\u0026#xa0;Al generar un registro de servicio FFDC incluir\u00e1 el contenido del b\u00fafer del registro, incluyendo la contrase\u00f1a de copia de seguridad y restauraci\u00f3n, si est\u00e1 presente.\u0026#xa0;El registro de servicio FFDC solo es generado cuando es requerido por un usuario XCC privilegiado y solo es accesible para el usuario XCC privilegiado que requiri\u00f3 el archivo.\u0026#xa0;La contrase\u00f1a de copia de seguridad y restauraci\u00f3n no es capturada si la copia de seguridad y restauraci\u00f3n es iniciada directamente desde XCC"
}
],
"id": "CVE-2021-3473",
"lastModified": "2024-11-21T06:21:37.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T21:15:25.410",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-52117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-52117"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-3956
Vulnerability from cvelistv5
Published
2022-05-18 16:10
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-72074 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Controller (XCC) |
Version: various Third Quarter 2021 releases |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various Third Quarter 2021 releases"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:10:24",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-72074."
}
],
"source": {
"advisory": "LEN-72074",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Controller (XCC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various Third Quarter 2021 releases"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-72074",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-72074."
}
],
"source": {
"advisory": "LEN-72074",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3956",
"datePublished": "2022-05-18T16:10:24",
"dateReserved": "2021-11-12T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3473
Vulnerability from cvelistv5
Published
2021-04-13 20:41
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-52117 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Controller (XCC) |
Version: unspecified < 6.00 CDI370Q Version: unspecified < 1.10 TGBT12Q Version: unspecified < 3.20 TEI378W Version: unspecified < 2.14 PSI338I Version: unspecified < 4.40 TEI3B2P |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-52117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.00 CDI370Q",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "1.10 TGBT12Q",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.20 TEI378W",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.14 PSI338I",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.40 TEI3B2P",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T20:41:46",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-52117"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-52117."
}
],
"source": {
"advisory": "LEN-52117",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Controller (XCC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.00 CDI370Q"
},
{
"version_affected": "\u003c",
"version_value": "1.10 TGBT12Q"
},
{
"version_affected": "\u003c",
"version_value": "3.20 TEI378W"
},
{
"version_affected": "\u003c",
"version_value": "2.14 PSI338I"
},
{
"version_affected": "\u003c",
"version_value": "4.40 TEI3B2P"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-52117",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-52117"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-52117."
}
],
"source": {
"advisory": "LEN-52117",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3473",
"datePublished": "2021-04-13T20:41:46",
"dateReserved": "2021-03-29T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6195
Vulnerability from cvelistv5
Published
2020-02-14 17:10
Modified
2024-09-16 16:14
Severity ?
EPSS score ?
Summary
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-29116 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | XClarity Controller (XCC) |
Version: unspecified < 3.08 CDI340V Version: unspecified < 3.01 TEI392O Version: unspecified < 1.71 PSI328N |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.08 CDI340V",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.01 TEI392O",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "1.71 PSI328N",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T17:10:27",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo XClarity Controller (XCC) version 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N or higher."
}
],
"source": {
"advisory": "LEN-29116",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-02-14T17:00:00.000Z",
"ID": "CVE-2019-6195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Controller (XCC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.08 CDI340V"
},
{
"version_affected": "\u003c",
"version_value": "3.01 TEI392O"
},
{
"version_affected": "\u003c",
"version_value": "1.71 PSI328N"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-29116",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo XClarity Controller (XCC) version 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N or higher."
}
],
"source": {
"advisory": "LEN-29116",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6195",
"datePublished": "2020-02-14T17:10:27.559154Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T16:14:10.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6187
Vulnerability from cvelistv5
Published
2019-11-20 01:31
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-29118 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Lenovo XClarity Controller (XCC) |
Version: unspecified < TEI392M Version: unspecified < CDI340M Version: unspecified < G1I312 Version: unspecified < PSI328M |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-29118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TEI392M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "CDI340M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "G1I312",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PSI328M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "arbitrary eode execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T01:31:13",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-29118"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCC to the version indicated for your product."
}
],
"source": {
"advisory": "LEN-29118",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-11-19T17:00:00.000Z",
"ID": "CVE-2019-6187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo XClarity Controller (XCC)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "TEI392M"
},
{
"version_affected": "\u003c",
"version_value": "CDI340M"
},
{
"version_affected": "\u003c",
"version_value": "G1I312"
},
{
"version_affected": "\u003c",
"version_value": "PSI328M"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary eode execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-29118",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-29118"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCC to the version indicated for your product."
}
],
"source": {
"advisory": "LEN-29118",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6187",
"datePublished": "2019-11-20T01:31:13.802773Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-17T00:50:51.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}