ID

VAR-201807-1679


CVE

CVE-2018-9064


TITLE

Lenovo xClarity Administrator access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008817

DESCRIPTION

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo xClarity Administrator contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo (China). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in Lenovo LXCA versions earlier than 2.1.0.

Trust: 1.71

sources: NVD: CVE-2018-9064 // JVNDB: JVNDB-2018-008817 // VULHUB: VHN-139096

AFFECTED PRODUCTS

vendor: lenovo, model: xclarity administrator, scope: lt, version: 2.1.0

Trust: 1.8

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.2.1

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.0.1

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.0.3

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.3.1

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.3.0

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.4.0

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.1.0

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.3.2

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.2.2

Trust: 0.6

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-008817 // CNNVD: CNNVD-201807-1977 // NVD: CVE-2018-9064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9064
value: HIGH

Trust: 1.0

NVD: CVE-2018-9064
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1977
value: HIGH

Trust: 0.6

VULHUB: VHN-139096
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9064
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139096
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9064
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139096 // JVNDB: JVNDB-2018-008817 // CNNVD: CNNVD-201807-1977 // NVD: CVE-2018-9064

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-139096 // JVNDB: JVNDB-2018-008817 // NVD: CVE-2018-9064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1977

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1977

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008817

PATCH

title: LEN-22168, url: https://support.lenovo.com/jp/ja/solutions/len-22168

Trust: 0.8

title: Lenovo XClarity Administrator Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82714

Trust: 0.6

sources: JVNDB: JVNDB-2018-008817 // CNNVD: CNNVD-201807-1977

EXTERNAL IDS

db: NVD, id: CVE-2018-9064

Trust: 2.5

db: LENOVO, id: LEN-22168

Trust: 1.7

db: JVNDB, id: JVNDB-2018-008817

Trust: 0.8

db: CNNVD, id: CNNVD-201807-1977

Trust: 0.7

db: VULHUB, id: VHN-139096

Trust: 0.1

sources: VULHUB: VHN-139096 // JVNDB: JVNDB-2018-008817 // CNNVD: CNNVD-201807-1977 // NVD: CVE-2018-9064

REFERENCES

url: https://support.lenovo.com/us/en/solutions/len-22168

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9064

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-9064

Trust: 0.8

sources: VULHUB: VHN-139096 // JVNDB: JVNDB-2018-008817 // CNNVD: CNNVD-201807-1977 // NVD: CVE-2018-9064

SOURCES

db: VULHUB, id: VHN-139096
db: JVNDB, id: JVNDB-2018-008817
db: CNNVD, id: CNNVD-201807-1977
db: NVD, id: CVE-2018-9064

LAST UPDATE DATE

2024-11-23T21:52:57.292000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-139096, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-008817, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201807-1977, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-9064, date: 2024-11-21T04:14:53.937

SOURCES RELEASE DATE

db: VULHUB, id: VHN-139096, date: 2018-07-30T00:00:00
db: JVNDB, id: JVNDB-2018-008817, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201807-1977, date: 2018-07-31T00:00:00
db: NVD, id: CVE-2018-9064, date: 2018-07-30T16:29:00.313