var-201811-0337
Vulnerability from variot
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5 allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. LXCI for VMware and LXCI for Microsoft System Center contain a vulnerability related to unrestricted upload of files of dangerous types (CWE-434). Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities: 1. An arbitrary-file-download vulnerability 2. An arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application, or download arbitrary files from the device filesystem and obtain potentially sensitive information. Lenovo XClarity Integrator (LXCI) for VMware is an application for VMware from Lenovo, a Chinese company. The program offers extended capabilities such as infrastructure resource management, automation and IT service management. LXCI for Microsoft System Center is the version for Microsoft System Center. The vulnerability stems from insufficient verification when uploading certificates. This summary is merged from several source databases: the CVSS vectors recorded below for CVE-2018-16097 rate confidentiality impact as none and place the impact on integrity, which matches the file-write issue rather than the file-download issue listed above. Versions 5.5 (VMware) and 3.5 (Microsoft System Center) are the first outside the affected range; Lenovo advisory LEN-23800 is the vendor reference.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0337", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "xclarity integrator", "scope": "lt", "trust": 1.0, "vendor": "lenovo", "version": "3.5" }, { "model": "xclarity integrator", "scope": "lt", "trust": 1.0, "vendor": "lenovo", "version": "5.5" }, { "model": "xclarity integrator", "scope": "lt", "trust": 0.8, 
"vendor": "lenovo", "version": "for microsoft system center 3.5" }, { "model": "xclarity integrator", "scope": "lt", "trust": 0.8, "vendor": "lenovo", "version": "for vmware 5.5" }, { "model": "xclarity integrator for vmware vcenter", "scope": "eq", "trust": 0.3, "vendor": "lenovo", "version": "5.4" }, { "model": "xclarity integrator for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "lenovo", "version": "3.4" }, { "model": "xclarity integrator for vmware vcenter", "scope": "ne", "trust": 0.3, "vendor": "lenovo", "version": "5.5" }, { "model": "xclarity integrator for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "lenovo", "version": "3.5" } ], "sources": [ { "db": "BID", "id": "107583" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*", "cpe_name": [], "versionEndExcluding": "3.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*", "cpe_name": [], "versionEndExcluding": "5.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16097" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo", "sources": [ { "db": "BID", "id": "107583" } ], "trust": 0.3 }, "cve": "CVE-2018-16097", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" 
}, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16097", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-126422", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16097", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16097", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201812-011", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-126422", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-126422" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" }, { "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. VMware For and Microsoft System Center for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities:\n1. An arbitrary-file-download vulnerability\n2. 
An arbitrary file-overwrite vulnerability\nAttackers can overwrite arbitrary files on an unsuspecting user\u0027s computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. LXCI for Microsoft System Center is the version for Microsoft System Center. The vulnerability stems from insufficient verification when uploading certificates", "sources": [ { "db": "NVD", "id": "CVE-2018-16097" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "BID", "id": "107583" }, { "db": "VULHUB", "id": "VHN-126422" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16097", "trust": 2.8 }, { "db": "LENOVO", "id": "LEN-23800", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-012837", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-011", "trust": 0.7 }, { "db": "BID", "id": "107583", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-126422", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-126422" }, { "db": "BID", "id": "107583" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" }, { "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "id": "VAR-201811-0337", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-126422" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:13:38.002000Z", "patch": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-23800", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/solutions/len-23800" }, { "title": "Lenovo XClarity Integrator for Vmware and Microsoft System Center Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87347" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-126422" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.lenovo.com/us/en/solutions/len-23800" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16097" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16097" }, { "trust": 0.3, "url": "https://support.lenovo.com/in/en/solutions/lnvo-scvmadd" }, { "trust": 0.3, "url": "https://support.lenovo.com/in/en/solutions/lnvo-vmware" }, { "trust": 0.3, "url": "https://support.lenovo.com/in/en/solutions/len-23800" } ], "sources": [ { "db": "VULHUB", "id": "VHN-126422" }, { "db": "BID", "id": "107583" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" }, { "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "sources": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-126422" }, { "db": "BID", "id": "107583" }, { "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "db": "NVD", "id": "CVE-2018-16097" }, { "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-30T00:00:00", "db": "VULHUB", "id": "VHN-126422" }, { "date": "2018-11-29T00:00:00", "db": "BID", "id": "107583" }, { "date": "2019-02-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "date": "2018-11-30T14:29:00.393000", "db": "NVD", "id": "CVE-2018-16097" }, { "date": "2018-12-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-28T00:00:00", "db": "VULHUB", "id": "VHN-126422" }, { "date": "2018-11-29T00:00:00", "db": "BID", "id": "107583" }, { "date": "2019-02-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012837" }, { "date": "2018-12-28T17:36:29.537000", "db": "NVD", "id": "CVE-2018-16097" }, { "date": "2018-12-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-011" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-011" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "VMware For and Microsoft System Center for LXCI Vulnerable to unlimited upload of dangerous types of files", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012837" } ], 
"trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-011" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.