ID

VAR-201807-1681


CVE

CVE-2018-9066


TITLE

Lenovo xClarity Administrator access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008819

DESCRIPTION

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call, which can result in privileged command execution within LXCA's underlying operating system. Lenovo xClarity Administrator contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from the Chinese company Lenovo. The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. There are security vulnerabilities in the Web API in versions earlier than Lenovo LXCA 2.1.0.

Trust: 1.71

sources: NVD: CVE-2018-9066 // JVNDB: JVNDB-2018-008819 // VULHUB: VHN-139098

AFFECTED PRODUCTS

vendor: lenovo // model: xclarity administrator // scope: lt // version: 2.1.0

Trust: 1.8

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.2.1

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.0.1

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.0.3

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.3.1

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.3.0

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.4.0

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.1.0

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.3.2

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.2.2

Trust: 0.6

vendor: lenovo // model: xclarity administrator // scope: eq // version: 1.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-008819 // CNNVD: CNNVD-201807-1975 // NVD: CVE-2018-9066

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-9066
value: HIGH

Trust: 1.0

NVD: CVE-2018-9066
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1975
value: HIGH

Trust: 0.6

VULHUB: VHN-139098
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-9066
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139098
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-9066
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139098 // JVNDB: JVNDB-2018-008819 // CNNVD: CNNVD-201807-1975 // NVD: CVE-2018-9066

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-139098 // JVNDB: JVNDB-2018-008819 // NVD: CVE-2018-9066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1975

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1975

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008819

PATCH

title: LEN-22168 // url: https://support.lenovo.com/jp/ja/solutions/len-22168

Trust: 0.8

title: Lenovo XClarity Administrator Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82712

Trust: 0.6

sources: JVNDB: JVNDB-2018-008819 // CNNVD: CNNVD-201807-1975

EXTERNAL IDS

db: NVD // id: CVE-2018-9066

Trust: 2.5

db: LENOVO // id: LEN-22168

Trust: 1.7

db: JVNDB // id: JVNDB-2018-008819

Trust: 0.8

db: CNNVD // id: CNNVD-201807-1975

Trust: 0.7

db: VULHUB // id: VHN-139098

Trust: 0.1

sources: VULHUB: VHN-139098 // JVNDB: JVNDB-2018-008819 // CNNVD: CNNVD-201807-1975 // NVD: CVE-2018-9066

REFERENCES

url: https://support.lenovo.com/us/en/solutions/len-22168

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9066

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-9066

Trust: 0.8

sources: VULHUB: VHN-139098 // JVNDB: JVNDB-2018-008819 // CNNVD: CNNVD-201807-1975 // NVD: CVE-2018-9066

SOURCES

db: VULHUB // id: VHN-139098
db: JVNDB // id: JVNDB-2018-008819
db: CNNVD // id: CNNVD-201807-1975
db: NVD // id: CVE-2018-9066

LAST UPDATE DATE

2024-11-23T21:52:57.318000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-139098 // date: 2019-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-008819 // date: 2018-10-29T00:00:00
db: CNNVD // id: CNNVD-201807-1975 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2018-9066 // date: 2024-11-21T04:14:54.170

SOURCES RELEASE DATE

db: VULHUB // id: VHN-139098 // date: 2018-07-30T00:00:00
db: JVNDB // id: JVNDB-2018-008819 // date: 2018-10-29T00:00:00
db: CNNVD // id: CNNVD-201807-1975 // date: 2018-07-31T00:00:00
db: NVD // id: CVE-2018-9066 // date: 2018-07-30T16:29:00.423