VAR-201905-0018
Vulnerability from variot - Updated: 2023-12-18 12:56An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.4.0"
},
{
"model": "xclarity administrator",
"scope": "gte",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.0.0"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "2.0.0 to 2.3.x"
},
{
"model": "xclarity administrator",
"scope": "gte",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.0.0,\u003c=2.3.*"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.3"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.2"
},
{
"model": "xclarity administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.0"
},
{
"model": "xclarity administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo,Lenovo ?? ??",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6158",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-14825",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157593",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@lenovo.com",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6158",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6158",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2019-6158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-14825",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-100",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157593",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "VULHUB",
"id": "VHN-157593"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6158",
"trust": 3.4
},
{
"db": "BID",
"id": "108165",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-26141",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14825",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43227",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157593",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"id": "VAR-201905-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
}
]
},
"last_update_date": "2023-12-18T12:56:33.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-26141",
"trust": 0.8,
"url": "https://support.lenovo.com/solutions/len-26141"
},
{
"title": "Patch for Lenovo XClarity Administrator Log Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161655"
},
{
"title": "Lenovo XClarity Administrator Repair measures for log information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92225"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108165"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/solutions/len-26141"
},
{
"trust": 1.5,
"url": "https://support.lenovo.com/us/en/solutions/len-26141"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6158"
},
{
"trust": 0.9,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6158"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-6158"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43227"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "VULHUB",
"id": "VHN-157593"
},
{
"db": "BID",
"id": "108165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157593"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108165"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"date": "2019-05-03T20:29:01.387000",
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"date": "2019-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-157593"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108165"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003854"
},
{
"date": "2019-10-09T23:51:12.153000",
"db": "NVD",
"id": "CVE-2019-6158"
},
{
"date": "2019-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo XClarity Administrator Log Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-100"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…