var-201905-0018
Vulnerability from variot
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0018", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "xclarity administrator", scope: "lt", trust: 1, vendor: "lenovo", version: "2.4.0", }, { model: "xclarity administrator", scope: "gte", trust: 1, vendor: "lenovo", version: "2.0.0", }, { model: "xclarity administrator", scope: "eq", trust: 0.8, vendor: "lenovo", version: "2.0.0 to 2.3.x", }, { model: "xclarity administrator", scope: "gte", trust: 0.6, vendor: "lenovo", version: "2.0.0,<=2.3.*", }, { model: "xclarity administrator", scope: "eq", trust: 0.3, vendor: "lenovo", version: "2.3", }, { model: "xclarity administrator", scope: "eq", trust: 0.3, vendor: "lenovo", version: "2.2", }, { model: "xclarity administrator", scope: "eq", trust: 0.3, vendor: "lenovo", version: "2.0", }, { model: "xclarity administrator", scope: "ne", trust: 0.3, vendor: "lenovo", version: "2.4", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "BID", id: "108165", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.4.0", versionStartIncluding: "2.0.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-6158", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lenovo,Lenovo ?? ??", sources: [ { db: "CNNVD", id: "CNNVD-201905-100", }, ], trust: 0.6, }, cve: "CVE-2019-6158", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-6158", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2019-14825", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-157593", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.2, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "psirt@lenovo.com", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.3, impactScore: 5.8, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.9, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-6158", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-6158", trust: 1.8, value: "MEDIUM", }, { author: "psirt@lenovo.com", id: "CVE-2019-6158", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-14825", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201905-100", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-157593", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "VULHUB", id: "VHN-157593", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, { db: "NVD", id: "CVE-2019-6158", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability", sources: [ { db: "NVD", id: "CVE-2019-6158", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "CNVD", id: "CNVD-2019-14825", }, { db: "BID", id: "108165", }, { db: "VULHUB", id: "VHN-157593", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-6158", trust: 3.4, }, { db: "BID", id: "108165", trust: 2.6, }, { db: "LENOVO", id: "LEN-26141", trust: 2, }, { db: "JVNDB", id: "JVNDB-2019-003854", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201905-100", trust: 0.7, }, { db: "CNVD", id: "CNVD-2019-14825", trust: 0.6, }, { db: "NSFOCUS", id: "43227", trust: 0.6, }, { db: "VULHUB", id: "VHN-157593", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "VULHUB", id: "VHN-157593", }, { db: "BID", id: "108165", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], }, id: "VAR-201905-0018", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "VULHUB", id: "VHN-157593", }, ], trust: 0.06999999999999999, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, ], }, last_update_date: "2023-12-18T12:56:33.424000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "LEN-26141", trust: 0.8, url: "https://support.lenovo.com/solutions/len-26141", }, { title: "Patch for Lenovo XClarity Administrator Log Information Disclosure Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/161655", }, { title: "Lenovo XClarity Administrator Repair measures for log information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92225", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-532", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-157593", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://www.securityfocus.com/bid/108165", }, { trust: 1.7, url: "https://support.lenovo.com/solutions/len-26141", }, { trust: 1.5, url: "https://support.lenovo.com/us/en/solutions/len-26141", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-6158", }, { trust: 0.9, url: "http://www.lenovo.com/ca/en/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6158", }, { trust: 0.6, url: "https://web.nvd.nist.gov//vuln/detail/cve-2019-6158", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/43227", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "VULHUB", id: "VHN-157593", }, { db: "BID", id: "108165", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "VULHUB", id: "VHN-157593", }, { db: "BID", id: "108165", }, { db: "JVNDB", id: "JVNDB-2019-003854", }, { db: "NVD", id: "CVE-2019-6158", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-05-21T00:00:00", db: "CNVD", id: "CNVD-2019-14825", }, { date: "2019-05-03T00:00:00", db: "VULHUB", id: "VHN-157593", }, { date: "2019-05-02T00:00:00", db: "BID", id: "108165", }, { date: "2019-05-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-003854", }, { date: "2019-05-03T20:29:01.387000", db: "NVD", id: "CVE-2019-6158", }, { date: "2019-05-02T00:00:00", db: "CNNVD", id: "CNNVD-201905-100", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-05-21T00:00:00", db: "CNVD", id: "CNVD-2019-14825", }, { date: "2019-10-09T00:00:00", db: "VULHUB", id: "VHN-157593", }, { date: "2019-05-02T00:00:00", db: "BID", id: "108165", }, { date: "2019-05-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-003854", }, { date: "2019-10-09T23:51:12.153000", db: "NVD", id: "CVE-2019-6158", }, { date: "2019-08-29T00:00:00", db: "CNNVD", id: "CNNVD-201905-100", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201905-100", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Lenovo XClarity Administrator Log Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-14825", }, { db: "CNNVD", id: "CNNVD-201905-100", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "log information leak", sources: [ { db: "CNNVD", id: "CNNVD-201905-100", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.