Sign-up

ID

VAR-201807-1680


CVE

CVE-2018-9065


TITLE

Lenovo xClarity Administrator Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008818

DESCRIPTION

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. Lenovo xClarity Administrator Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0

Trust: 1.71

sources: NVD: CVE-2018-9065 // JVNDB: JVNDB-2018-008818 // VULHUB: VHN-139097

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity administratorscope:ltversion:2.1.0

Trust: 1.8

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.3

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.4.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-008818 // CNNVD: CNNVD-201807-1976 // NVD: CVE-2018-9065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9065
value: HIGH

Trust: 1.0

NVD: CVE-2018-9065
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1976
value: HIGH

Trust: 0.6

VULHUB: VHN-139097
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-9065
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139097
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9065
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139097 // JVNDB: JVNDB-2018-008818 // CNNVD: CNNVD-201807-1976 // NVD: CVE-2018-9065

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-139097 // JVNDB: JVNDB-2018-008818 // NVD: CVE-2018-9065

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1976

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1976

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008818

PATCH
title:LEN-22168url:https://support.lenovo.com/jp/ja/solutions/len-22168
Trust: 0.8
title:Lenovo XClarity Administrator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82713
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008818 // 
            
            
            
            CNNVD: CNNVD-201807-1976

EXTERNAL IDS
db:NVDid:CVE-2018-9065
Trust: 2.5
db:LENOVOid:LEN-22168
Trust: 1.7
db:JVNDBid:JVNDB-2018-008818
Trust: 0.8
db:CNNVDid:CNNVD-201807-1976
Trust: 0.7
db:VULHUBid:VHN-139097
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139097 // 
            
            
            
            JVNDB: JVNDB-2018-008818 // 
            
            
            
            CNNVD: CNNVD-201807-1976 // 
            
            
            
            NVD: CVE-2018-9065

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-22168
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9065
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9065
Trust: 0.8
sources:
            
            
            VULHUB: VHN-139097 // 
            
            
            
            JVNDB: JVNDB-2018-008818 // 
            
            
            
            CNNVD: CNNVD-201807-1976 // 
            
            
            
            NVD: CVE-2018-9065

SOURCES
db:VULHUBid:VHN-139097
db:JVNDBid:JVNDB-2018-008818
db:CNNVDid:CNNVD-201807-1976
db:NVDid:CVE-2018-9065

LAST UPDATE DATE
2024-11-23T21:52:57.267000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139097date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008818date:2018-10-29T00:00:00
db:CNNVDid:CNNVD-201807-1976date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9065date:2024-11-21T04:14:54.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-139097date:2018-07-30T00:00:00
db:JVNDBid:JVNDB-2018-008818date:2018-10-29T00:00:00
db:CNNVDid:CNNVD-201807-1976date:2018-07-31T00:00:00
db:NVDid:CVE-2018-9065date:2018-07-30T16:29:00.377