FKIE_CVE-2019-6195
Vulnerability from fkie_nvd - Published: 2020-02-14 17:15 - Updated: 2024-11-21 04:46
Severity
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, and 1.71 PSI328N (the fixed build that applies depends on the server model; see the configurations under Impacted products). A valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if both of the following hold: 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) the lesser-privileged user logs into XCC within 1 minute of a higher-privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE",
"versionEndExcluding": "3.01_tei392o",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E",
"versionEndExcluding": "3.08_cdi340v",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3",
"versionEndExcluding": "1.71_psi328n",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
},
{
"lang": "es",
"value": "Se presenta una omisi\u00f3n de autorizaci\u00f3n en Lenovo XClarity Controller (XCC) versiones anteriores a 3.08 CDI340V, versi\u00f3n 3.01 TEI392O, versi\u00f3n 1.71 PSI328N, donde un usuario autenticado v\u00e1lido con privilegios menores puede tener acceso de solo de lectura a informaci\u00f3n con privilegios superiores si 1) \"LDAP Authentication Only with Local Authorization\u201d es configurado y utilizado por XCC, y 2) un usuario con menos privilegios inicia sesi\u00f3n en XCC dentro de 1 minuto despu\u00e9s de que un usuario con mayor privilegio cierre sesi\u00f3n. La omisi\u00f3n de autorizaci\u00f3n no se presenta cuando los modos \u201cLocal Authentication and Authorization\u201d o \u201cLDAP Authentication and Authorization\u201d son configurados y utilizados por XCC."
}
],
"id": "CVE-2019-6195",
"lastModified": "2024-11-21T04:46:09.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-14T17:15:13.223",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.