VAR-201811-0333
Vulnerability from variot - Updated: 2023-12-18 13:13In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. Vmware for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities: 1. An arbitrary-file-download vulnerability 2. An arbitrary file-overwrite vulnerability Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. The following versions of Lenovo XClarity Integrator are vulnerable: Lenovo XClarity Integrator for VMware versions prior to 5.5 are vulnerable.Lenovo XClarity Integrator for Microsoft System Center versions prior to 3.5 are vulnerable. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. The vulnerability stems from the fact that the program does not perform sufficient filtering when uploading backup files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "5.5"
},
{
"model": "xclarity integrator",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "for vmware 5.5"
},
{
"model": "xclarity integrator for vmware vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "5.4"
},
{
"model": "xclarity integrator for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3.4"
},
{
"model": "xclarity integrator for vmware vcenter",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "5.5"
},
{
"model": "xclarity integrator for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "3.5"
}
],
"sources": [
{
"db": "BID",
"id": "107583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16093"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo",
"sources": [
{
"db": "BID",
"id": "107583"
}
],
"trust": 0.3
},
"cve": "CVE-2018-16093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16093",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-126418",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16093",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16093",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126418",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126418"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. Vmware for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities:\n1. An arbitrary-file-download vulnerability\n2. An arbitrary file-overwrite vulnerability\nAttackers can overwrite arbitrary files on an unsuspecting user\u0027s computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. \nThe following versions of Lenovo XClarity Integrator are vulnerable:\nLenovo XClarity Integrator for VMware versions prior to 5.5 are vulnerable.Lenovo XClarity Integrator for Microsoft System Center versions prior to 3.5 are vulnerable. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. The vulnerability stems from the fact that the program does not perform sufficient filtering when uploading backup files",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "BID",
"id": "107583"
},
{
"db": "VULHUB",
"id": "VHN-126418"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16093",
"trust": 2.8
},
{
"db": "LENOVO",
"id": "LEN-23800",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012",
"trust": 0.7
},
{
"db": "BID",
"id": "107583",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-126418",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126418"
},
{
"db": "BID",
"id": "107583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"id": "VAR-201811-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126418"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:13:37.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-23800",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/len-23800"
},
{
"title": "Lenovo XClarity Integrator for Vmware Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87348"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126418"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-23800"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16093"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16093"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/lnvo-scvmadd"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/lnvo-vmware"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/len-23800"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126418"
},
{
"db": "BID",
"id": "107583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126418"
},
{
"db": "BID",
"id": "107583"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-126418"
},
{
"date": "2018-11-29T00:00:00",
"db": "BID",
"id": "107583"
},
{
"date": "2019-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"date": "2018-11-30T14:29:00.347000",
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"date": "2018-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-126418"
},
{
"date": "2018-11-29T00:00:00",
"db": "BID",
"id": "107583"
},
{
"date": "2019-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012836"
},
{
"date": "2018-12-28T17:36:43.240000",
"db": "NVD",
"id": "CVE-2018-16093"
},
{
"date": "2018-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vmware for LXCI Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-012"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…