All the vulnerabilites related to lenovo - xclarity_integrator
Vulnerability from fkie_nvd
Published
2018-11-30 14:29
Modified
2024-11-21 03:52
Severity ?
Summary
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | xclarity_integrator | * | |
| lenovo | xclarity_integrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
"matchCriteriaId": "6415AB74-5196-4EEA-A2EC-71EFA00F4BA1",
"versionEndExcluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
"versionEndExcluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
},
{
"lang": "es",
"value": "LXCI para VMware, en versiones anteriores a la 5.5, y LXCI para Microsoft System Center, en versiones anteriores a la 3.5, permiten que un usuario autenticado escriba a cualquier sistema de archivos debido al saneamiento incorrecto durante la subida de un certificado."
}
],
"id": "CVE-2018-16097",
"lastModified": "2024-11-21T03:52:06.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-30T14:29:00.393",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-03 19:15
Modified
2024-11-21 04:46
Severity ?
Summary
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27805 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27805 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | xclarity_administrator | * | |
| lenovo | xclarity_integrator | * | |
| lenovo | xclarity_integrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661DC48D-6DFC-4B7E-AF89-DA9FF17E1045",
"versionEndExcluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "F7D8319D-3128-46B0-8EA3-07DDB9000CC6",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
"matchCriteriaId": "3DCDFDA5-708B-4E60-87D9-7DF71BFDF52D",
"versionEndExcluding": "7.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
},
{
"lang": "es",
"value": "Se informo de una vulnerabilidad de procesamiento de XEE (XML External Entity) en Lenovo XClarity Administrator (LXCA) en versiones anteriores a la 2.5.0, Lenovo XClarity Integrator (LXCI) para Microsoft System Center en versiones anteriores a la 7.7.0, y Lenovo XClarity Integrator (LXCI) para VMWare vCenter en versiones anteriores a la 6.1.0 que podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2019-6179",
"lastModified": "2024-11-21T04:46:06.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-03T19:15:10.647",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-30 14:29
Modified
2024-11-21 04:14
Severity ?
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | xclarity_integrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
"versionEndExcluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
},
{
"lang": "es",
"value": "En versiones anteriores a la 5.5, LXCI para VMware permite que un usuario autenticado descargue cualquier archivo del sistema debido al saneamiento insuficiente de entradas durante la descarga de archivos."
}
],
"id": "CVE-2018-9072",
"lastModified": "2024-11-21T04:14:55.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-30T14:29:00.457",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-30 14:29
Modified
2024-11-21 03:52
Severity ?
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-23800 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | xclarity_integrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
"versionEndExcluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
},
{
"lang": "es",
"value": "En versiones anteriores a la 5.5, LXCI para VMware permite que un usuario autenticado escriba a cualquier sistema de archivos debido al saneamiento incorrecto durante la subida de un archivo de copia de seguridad."
}
],
"id": "CVE-2018-16093",
"lastModified": "2024-11-21T03:52:05.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-30T14:29:00.347",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-6179
Vulnerability from cvelistv5
Published
2019-09-03 18:50
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27805 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo | XClarity Administrator (LXCA) |
Version: unspecified < 2.5.0 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Administrator (LXCA)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.7.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for VMware vCenter",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"datePublic": "2019-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:50:10",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"solutions": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.5.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "7.7.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for VMware vCenter",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27805",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6179",
"datePublished": "2019-09-03T18:50:10.921568Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T21:02:44.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9072
Vulnerability from cvelistv5
Published
2018-11-30 14:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-23800 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | LXCI for VMware |
Version: unspecified < 5.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9072",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9072",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16093
Vulnerability from cvelistv5
Published
2018-11-30 14:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-23800 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | LXCI for VMware |
Version: unspecified < 5.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16093",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16093",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16097
Vulnerability from cvelistv5
Published
2018-11-30 14:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-23800 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Lenovo | LXCI for VMware |
Version: unspecified < 5.5 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "LXCI for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "file system modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware and LXCI for Microsoft System Center",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16097",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
},
{
"product_name": "LXCI for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file system modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16097",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}