Sign-up

ID

VAR-201811-0337


CVE

CVE-2018-16097


TITLE

VMware For and Microsoft System Center for LXCI Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2018-012837

DESCRIPTION

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. VMware For and Microsoft System Center for LXCI Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Lenovo XClarity Integrator is prone to multiple security vulnerabilities: 1. An arbitrary-file-download vulnerability 2. An arbitrary file-overwrite vulnerability Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application or download arbitrary files from the device filesystem and obtain potentially sensitive information.. Lenovo XClarity Integrator (LXCI) for Vmware is an application for Vmware from China Lenovo (Lenovo). The program offers extended capabilities such as infrastructure resource management, automation and IT service management. LXCI for Microsoft System Center is the version for Microsoft System Center. The vulnerability stems from insufficient verification when uploading certificates

Trust: 1.98

sources: NVD: CVE-2018-16097 // JVNDB: JVNDB-2018-012837 // BID: 107583 // VULHUB: VHN-126422

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity integratorscope:ltversion:5.5

Trust: 1.0

vendor:lenovomodel:xclarity integratorscope:ltversion:3.5

Trust: 1.0

vendor:lenovomodel:xclarity integratorscope:ltversion:for microsoft system center 3.5

Trust: 0.8

vendor:lenovomodel:xclarity integratorscope:ltversion:for vmware 5.5

Trust: 0.8

vendor:lenovomodel:xclarity integrator for vmware vcenterscope:eqversion:5.4

Trust: 0.3

vendor:lenovomodel:xclarity integrator for microsoft system centerscope:eqversion:3.4

Trust: 0.3

vendor:lenovomodel:xclarity integrator for vmware vcenterscope:neversion:5.5

Trust: 0.3

vendor:lenovomodel:xclarity integrator for microsoft system centerscope:neversion:3.5

Trust: 0.3

sources: BID: 107583 // JVNDB: JVNDB-2018-012837 // NVD: CVE-2018-16097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16097
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16097
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-011
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126422
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16097
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126422
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16097
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126422 // JVNDB: JVNDB-2018-012837 // CNNVD: CNNVD-201812-011 // NVD: CVE-2018-16097

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-126422 // JVNDB: JVNDB-2018-012837 // NVD: CVE-2018-16097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-011

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-011

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012837

PATCH
title:LEN-23800url:https://support.lenovo.com/jp/ja/solutions/len-23800
Trust: 0.8
title:Lenovo XClarity Integrator for Vmware  and Microsoft System Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87347
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012837 // 
            
            
            
            CNNVD: CNNVD-201812-011

EXTERNAL IDS
db:NVDid:CVE-2018-16097
Trust: 2.8
db:LENOVOid:LEN-23800
Trust: 2.0
db:JVNDBid:JVNDB-2018-012837
Trust: 0.8
db:CNNVDid:CNNVD-201812-011
Trust: 0.7
db:BIDid:107583
Trust: 0.3
db:VULHUBid:VHN-126422
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126422 // 
            
            
            
            BID: 107583 // 
            
            
            
            JVNDB: JVNDB-2018-012837 // 
            
            
            
            CNNVD: CNNVD-201812-011 // 
            
            
            
            NVD: CVE-2018-16097

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-23800
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16097
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-16097
Trust: 0.8
url:https://support.lenovo.com/in/en/solutions/lnvo-scvmadd
Trust: 0.3
url:https://support.lenovo.com/in/en/solutions/lnvo-vmware
Trust: 0.3
url:https://support.lenovo.com/in/en/solutions/len-23800
Trust: 0.3
sources:
            
            
            VULHUB: VHN-126422 // 
            
            
            
            BID: 107583 // 
            
            
            
            JVNDB: JVNDB-2018-012837 // 
            
            
            
            CNNVD: CNNVD-201812-011 // 
            
            
            
            NVD: CVE-2018-16097

CREDITS
Lenovo
Trust: 0.3
sources:
            
            
            BID: 107583

SOURCES
db:VULHUBid:VHN-126422
db:BIDid:107583
db:JVNDBid:JVNDB-2018-012837
db:CNNVDid:CNNVD-201812-011
db:NVDid:CVE-2018-16097

LAST UPDATE DATE
2024-11-23T22:12:13.830000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126422date:2018-12-28T00:00:00
db:BIDid:107583date:2018-11-29T00:00:00
db:JVNDBid:JVNDB-2018-012837date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201812-011date:2018-12-03T00:00:00
db:NVDid:CVE-2018-16097date:2024-11-21T03:52:06.083

SOURCES RELEASE DATE
db:VULHUBid:VHN-126422date:2018-11-30T00:00:00
db:BIDid:107583date:2018-11-29T00:00:00
db:JVNDBid:JVNDB-2018-012837date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201812-011date:2018-12-03T00:00:00
db:NVDid:CVE-2018-16097date:2018-11-30T14:29:00.393