cvelistv5 - cve-2018-16097

CVE-2018-16097 (GCVE-0-2018-16097)

Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17

Summary

Severity ?

No CVSS data available.

CWE

file system modification

Assigner

lenovo

References

URL

Tags

https://support.lenovo.com/us/en/solutions/LEN-23800

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Lenovo

LXCI for VMware

Affected: unspecified , < 5.5 (custom)

Lenovo

LXCI for Microsoft System Center

Affected: unspecified , < 3.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:37.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LXCI for VMware",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LXCI for Microsoft System Center",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "file system modification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-30T13:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
        }
      ],
      "source": {
        "advisory": "LEN-23800",
        "discovery": "INTERNAL"
      },
      "title": "LXCI for VMware and LXCI for Microsoft System Center",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2018-16097",
          "STATE": "PUBLIC",
          "TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LXCI for VMware",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "5.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LXCI for Microsoft System Center",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "file system modification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
          }
        ],
        "source": {
          "advisory": "LEN-23800",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2018-16097",
    "datePublished": "2018-11-30T14:00:00",
    "dateReserved": "2018-08-29T00:00:00",
    "dateUpdated": "2024-08-05T10:17:37.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"6415AB74-5196-4EEA-A2EC-71EFA00F4BA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*\", \"versionEndExcluding\": \"5.5\", \"matchCriteriaId\": \"C9E02957-A40D-4606-BF38-2DC66446F81B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.\"}, {\"lang\": \"es\", \"value\": \"LXCI para VMware, en versiones anteriores a la 5.5, y LXCI para Microsoft System Center, en versiones anteriores a la 3.5, permiten que un usuario autenticado escriba a cualquier sistema de archivos debido al saneamiento incorrecto durante la subida de un certificado.\"}]",
      "id": "CVE-2018-16097",
      "lastModified": "2024-11-21T03:52:06.083",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-11-30T14:29:00.393",
      "references": "[{\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-23800\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-23800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-16097\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2018-11-30T14:29:00.393\",\"lastModified\":\"2024-11-21T03:52:06.083\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.\"},{\"lang\":\"es\",\"value\":\"LXCI para VMware, en versiones anteriores a la 5.5, y LXCI para Microsoft System Center, en versiones anteriores a la 3.5, permiten que un usuario autenticado escriba a cualquier sistema de archivos debido al saneamiento incorrecto durante la subida de un certificado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"6415AB74-5196-4EEA-A2EC-71EFA00F4BA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*\",\"versionEndExcluding\":\"5.5\",\"matchCriteriaId\":\"C9E02957-A40D-4606-BF38-2DC66446F81B\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-23800\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-23800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

VAR-201811-0337

Vulnerability from variot - Updated: 2023-12-18 13:13

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. VMware For and Microsoft System Center for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities: 1. An arbitrary-file-download vulnerability 2. An arbitrary file-overwrite vulnerability Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. LXCI for Microsoft System Center is the version for Microsoft System Center. The vulnerability stems from insufficient verification when uploading certificates

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0337",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xclarity integrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "3.5"
      },
      {
        "model": "xclarity integrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.5"
      },
      {
        "model": "xclarity integrator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "for microsoft system center 3.5"
      },
      {
        "model": "xclarity integrator",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "for vmware 5.5"
      },
      {
        "model": "xclarity integrator for vmware vcenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.4"
      },
      {
        "model": "xclarity integrator for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.4"
      },
      {
        "model": "xclarity integrator for vmware vcenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.5"
      },
      {
        "model": "xclarity integrator for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo",
    "sources": [
      {
        "db": "BID",
        "id": "107583"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-16097",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-16097",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-126422",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-16097",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-16097",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-011",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126422",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. VMware For and Microsoft System Center for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities:\n1. An arbitrary-file-download vulnerability\n2. An arbitrary file-overwrite vulnerability\nAttackers can overwrite arbitrary files on an unsuspecting user\u0027s computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. LXCI for Microsoft System Center is the version for Microsoft System Center. The vulnerability stems from insufficient verification when uploading certificates",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "BID",
        "id": "107583"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16097",
        "trust": 2.8
      },
      {
        "db": "LENOVO",
        "id": "LEN-23800",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "107583",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-126422",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "db": "BID",
        "id": "107583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "id": "VAR-201811-0337",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:13:38.002000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-23800",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-23800"
      },
      {
        "title": "Lenovo XClarity Integrator for Vmware  and Microsoft System Center Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87347"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/solutions/len-23800"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16097"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16097"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/in/en/solutions/lnvo-scvmadd"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/in/en/solutions/lnvo-vmware"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/in/en/solutions/len-23800"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "db": "BID",
        "id": "107583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "db": "BID",
        "id": "107583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "date": "2018-11-29T00:00:00",
        "db": "BID",
        "id": "107583"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "date": "2018-11-30T14:29:00.393000",
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "date": "2018-12-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126422"
      },
      {
        "date": "2018-11-29T00:00:00",
        "db": "BID",
        "id": "107583"
      },
      {
        "date": "2019-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      },
      {
        "date": "2018-12-28T17:36:29.537000",
        "db": "NVD",
        "id": "CVE-2018-16097"
      },
      {
        "date": "2018-12-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware For and  Microsoft System Center for  LXCI Vulnerable to unlimited upload of dangerous types of files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012837"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-011"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-16097

Vulnerability from fkie_nvd - Published: 2018-11-30 14:29 - Updated: 2024-11-21 03:52

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	psirt@lenovo.com	https://support.lenovo.com/us/en/solutions/LEN-23800	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/solutions/LEN-23800	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	xclarity_integrator	*
	lenovo	xclarity_integrator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
              "matchCriteriaId": "6415AB74-5196-4EEA-A2EC-71EFA00F4BA1",
              "versionEndExcluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
              "versionEndExcluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
    },
    {
      "lang": "es",
      "value": "LXCI para VMware, en versiones anteriores a la 5.5, y LXCI para Microsoft System Center, en versiones anteriores a la 3.5, permiten que un usuario autenticado escriba a cualquier sistema de archivos debido al saneamiento incorrecto durante la subida de un certificado."
    }
  ],
  "id": "CVE-2018-16097",
  "lastModified": "2024-11-21T03:52:06.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-30T14:29:00.393",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-G4V6-2497-JH7Q

Vulnerability from github – Published: 2022-05-14 01:44 – Updated: 2022-05-14 01:44

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-30T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.",
  "id": "GHSA-g4v6-2497-jh7q",
  "modified": "2022-05-14T01:44:38Z",
  "published": "2022-05-14T01:44:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16097"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-16097

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16097

Aliases

CVE-2018-16097

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16097",
    "description": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.",
    "id": "GSD-2018-16097"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16097"
      ],
      "details": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.",
      "id": "GSD-2018-16097",
      "modified": "2023-12-13T01:22:26.379567Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "ID": "CVE-2018-16097",
        "STATE": "PUBLIC",
        "TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LXCI for VMware",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "5.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "LXCI for Microsoft System Center",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "3.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "file system modification"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
        }
      ],
      "source": {
        "advisory": "LEN-23800",
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2018-16097"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-12-28T17:36Z",
      "publishedDate": "2018-11-30T14:29Z"
    }
  }
}

CNVD-2018-25296

Vulnerability from cnvd - Published: 2018-12-14

Title

Lenovo XClarity Integrator for Vmware和Microsoft System Center文件写入漏洞

Description

Lenovo XClarity Integrator（LXCI）for Vmware是中国联想（Lenovo）公司的一款适用于Vmware的应用程序。该程序提供基础架构资源管理、自动化和IT服务管理等扩展功能。LXCI for Microsoft System Center是适用于Microsoft System Center的版本。 Lenovo LXCI for Vmware 5.5之前版本和LXCI for Microsoft System Center 3.5之前版本中存在安全漏洞，该漏洞源于在上传证书时，程序未能充分地进行验证。攻击者可利用该漏洞写入任意的系统文件。

Severity

高

Patch Name

Lenovo XClarity Integrator for Vmware和Microsoft System Center文件写入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/zh/solutions/len-23800

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-16097

Impacted products

Name
['Lenovo XClarity Integrator（LXCI）for Vmware <5.5', 'Lenovo LXCI for Microsoft System Center <3.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16097"
    }
  },
  "description": "Lenovo XClarity Integrator\uff08LXCI\uff09for Vmware\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8eVmware\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u57fa\u7840\u67b6\u6784\u8d44\u6e90\u7ba1\u7406\u3001\u81ea\u52a8\u5316\u548cIT\u670d\u52a1\u7ba1\u7406\u7b49\u6269\u5c55\u529f\u80fd\u3002LXCI for Microsoft System Center\u662f\u9002\u7528\u4e8eMicrosoft System Center\u7684\u7248\u672c\u3002\n\nLenovo LXCI for Vmware 5.5\u4e4b\u524d\u7248\u672c\u548cLXCI for Microsoft System Center 3.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4e0a\u4f20\u8bc1\u4e66\u65f6\uff0c\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u8fdb\u884c\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u7684\u7cfb\u7edf\u6587\u4ef6\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/zh/solutions/len-23800",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25296",
  "openTime": "2018-12-14",
  "patchDescription": "Lenovo XClarity Integrator\uff08LXCI\uff09for Vmware\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8eVmware\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u57fa\u7840\u67b6\u6784\u8d44\u6e90\u7ba1\u7406\u3001\u81ea\u52a8\u5316\u548cIT\u670d\u52a1\u7ba1\u7406\u7b49\u6269\u5c55\u529f\u80fd\u3002LXCI for Microsoft System Center\u662f\u9002\u7528\u4e8eMicrosoft System Center\u7684\u7248\u672c\u3002\r\n\r\nLenovo LXCI for Vmware 5.5\u4e4b\u524d\u7248\u672c\u548cLXCI for Microsoft System Center 3.5\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4e0a\u4f20\u8bc1\u4e66\u65f6\uff0c\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u8fdb\u884c\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u7684\u7cfb\u7edf\u6587\u4ef6\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo XClarity Integrator for Vmware\u548cMicrosoft System Center\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo XClarity Integrator\uff08LXCI\uff09for Vmware \u003c5.5",
      "Lenovo LXCI for Microsoft System Center \u003c3.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-16097",
  "serverity": "\u9ad8",
  "submitTime": "2018-12-03",
  "title": "Lenovo XClarity Integrator for Vmware\u548cMicrosoft System Center\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16097 (GCVE-0-2018-16097)

VAR-201811-0337

FKIE_CVE-2018-16097

GHSA-G4V6-2497-JH7Q

GSD-2018-16097

CNVD-2018-25296

Tags

Sightings

Nomenclature