Sign-up

ID

VAR-201904-0089


CVE

CVE-2019-6157


TITLE

plural Lenovo System x Vulnerability related to information leakage from log files in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004354

DESCRIPTION

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. plural Lenovo System x The product contains a vulnerability related to information disclosure from log files.Information may be obtained. LenovoFlexSystemx240M4 and so on are all servers of China Lenovo. A security vulnerability exists in several Lenovo products that originated from the FFDC recording the private key of the web server in a log file. An attacker could exploit the vulnerability to disclose information. There are security vulnerabilities in several Lenovo products. The following products are affected: Lenovo Flex System x240 M4; Flex System x240 M5; Flex System x280 X6; Flex System x440 M4; Flex System x480 X6; Flex System x880; NeXtScale nx360 M5; (ThinkAgile CX2200/4200/4600); System x3650 M5; System x3750 M4; System x3850 X6; System x3950 X6; BladeCenter HS22; BladeCenter HS23; BladeCenter HS23E; Flex System x220 M4; System x280 M4; Flex System x440 M4; Flex System x480 M4; Flex System x880 M4; iDataPlex dx360 M4; iDataPlex dx360 M4 Water Cooled; x3300 M4; System x3500 M4; System x3530 M4; System x3550 M4; System x3630 M4; System x3650 M4;

Trust: 2.25

sources: NVD: CVE-2019-6157 // JVNDB: JVNDB-2019-004354 // CNVD: CNVD-2019-13089 // VULHUB: VHN-157592

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13089

AFFECTED PRODUCTS

vendor:lenovomodel:nextscale nx360 m5scope: - version: -

Trust: 1.4

vendor:lenovomodel:system x3250 m6scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:system x3500 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3650 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x240 m5scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:bladecenter hs22scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:flex system x222 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3300 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3250 m5scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:flex system x220 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:idataplex dx360 m4 water cooledscope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3550 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3650 m4 bdscope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3950 x6scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:nextscale nx360 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3530 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:bladecenter hs23scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3650 m4 hdscope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:system x3500 m5scope:ltversion:5.30

Trust: 1.0

vendor:lenovomodel:system x3950 x6scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:flex system x240 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:system x3650 m5scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:flex system x880 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3630 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:system x3550 m5scope:ltversion:5.30

Trust: 1.0

vendor:lenovomodel:flex system x240 m4scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:flex system x440 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:flex system x480 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3250 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:nextscale nx360 m5scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:system x3750 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x280 x6scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:idataplex dx360 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x480 x6scope:ltversion:5.30

Trust: 1.0

vendor:lenovomodel:system x3850 x6scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:system x3100 m4scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x440 m4scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:flex system x280 m4scope:ltversion:7.20

Trust: 1.0

vendor:ibmmodel:system x3100 m5scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:system x3750 m4scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:bladecenter hs23escope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x880scope:ltversion:5.30

Trust: 1.0

vendor:ibmmodel:system x3850 x6scope:ltversion:7.20

Trust: 1.0

vendor:lenovomodel:flex system x240 m4scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x240 m5scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x280 x6scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x440 m4scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x480 x6scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system x880scope: - version: -

Trust: 0.8

vendor:lenovomodel:system x3250 m6scope: - version: -

Trust: 0.8

vendor:lenovomodel:system x3500 m5scope: - version: -

Trust: 0.8

vendor:lenovomodel:system x3550 m5scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex system m4scope:eqversion:x240

Trust: 0.6

vendor:lenovomodel:flex system m5scope:eqversion:x240

Trust: 0.6

vendor:lenovomodel:flex systemscope:eqversion:x280x6

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x440

Trust: 0.6

vendor:lenovomodel:flex systemscope:eqversion:x480x6

Trust: 0.6

vendor:lenovomodel:flex systemscope:eqversion:x880

Trust: 0.6

vendor:lenovomodel:system m6scope:eqversion:x3250

Trust: 0.6

vendor:lenovomodel:system m5scope:eqversion:x3500

Trust: 0.6

vendor:lenovomodel:system m5scope:eqversion:x3550

Trust: 0.6

vendor:lenovomodel:system m5scope:eqversion:x3650

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3750

Trust: 0.6

vendor:lenovomodel:systemscope:eqversion:x3850x6

Trust: 0.6

vendor:lenovomodel:systemscope:eqversion:x3950x6

Trust: 0.6

vendor:lenovomodel:bladecenter hs22scope: - version: -

Trust: 0.6

vendor:lenovomodel:bladecenter hs23escope: - version: -

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x220

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x222

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x480

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x880

Trust: 0.6

vendor:lenovomodel:idataplex dx360 m4scope: - version: -

Trust: 0.6

vendor:lenovomodel:idataplex dx360 m4 water cooledscope: - version: -

Trust: 0.6

vendor:lenovomodel:nextscale nx360 m4scope: - version: -

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3100

Trust: 0.6

vendor:lenovomodel:system m5scope:eqversion:x3100

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3250

Trust: 0.6

vendor:lenovomodel:system m5scope:eqversion:x3250

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3300

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3500

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3550

Trust: 0.6

vendor:lenovomodel:system m4scope:eqversion:x3630

Trust: 0.6

vendor:lenovomodel:system m4 bdscope:eqversion:x3650

Trust: 0.6

vendor:lenovomodel:system m4 hdscope:eqversion:x3650

Trust: 0.6

vendor:lenovomodel:flex system m4scope:eqversion:x280

Trust: 0.6

sources: CNVD: CNVD-2019-13089 // JVNDB: JVNDB-2019-004354 // NVD: CVE-2019-6157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6157
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2019-6157
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6157
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-13089
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-947
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157592
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6157
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13089
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-157592
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6157
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

psirt@lenovo.com: CVE-2019-6157
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-13089 // VULHUB: VHN-157592 // JVNDB: JVNDB-2019-004354 // CNNVD: CNNVD-201904-947 // NVD: CVE-2019-6157 // NVD: CVE-2019-6157

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-157592 // JVNDB: JVNDB-2019-004354 // NVD: CVE-2019-6157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-947

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201904-947

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004354

PATCH
title:LEN-25667url:https://support.lenovo.com/jp/ja/solutions/len-25667
Trust: 0.8
title:Patches for several Lenovo product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/160245
Trust: 0.6
title:Multiple Lenovo Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91767
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-13089 // 
            
            
            
            JVNDB: JVNDB-2019-004354 // 
            
            
            
            CNNVD: CNNVD-201904-947

EXTERNAL IDS
db:NVDid:CVE-2019-6157
Trust: 3.1
db:LENOVOid:LEN-25667
Trust: 1.7
db:JVNDBid:JVNDB-2019-004354
Trust: 0.8
db:CNNVDid:CNNVD-201904-947
Trust: 0.7
db:CNVDid:CNVD-2019-13089
Trust: 0.6
db:AUSCERTid:ESB-2019.1427
Trust: 0.6
db:VULHUBid:VHN-157592
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13089 // 
            
            
            
            VULHUB: VHN-157592 // 
            
            
            
            JVNDB: JVNDB-2019-004354 // 
            
            
            
            CNNVD: CNNVD-201904-947 // 
            
            
            
            NVD: CVE-2019-6157

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-6157
Trust: 2.0
url:https://support.lenovo.com/solutions/len-25667
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6157
Trust: 0.8
url:http://www.ibm.com/support/docview.wss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/79722
Trust: 0.6
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10882394
Trust: 0.6
url:https://support.lenovo.com/us/en/solutions/len-25667
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-13089 // 
            
            
            
            VULHUB: VHN-157592 // 
            
            
            
            JVNDB: JVNDB-2019-004354 // 
            
            
            
            CNNVD: CNNVD-201904-947 // 
            
            
            
            NVD: CVE-2019-6157

SOURCES
db:CNVDid:CNVD-2019-13089
db:VULHUBid:VHN-157592
db:JVNDBid:JVNDB-2019-004354
db:CNNVDid:CNNVD-201904-947
db:NVDid:CVE-2019-6157

LAST UPDATE DATE
2024-11-23T21:24:47.112000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13089date:2019-05-05T00:00:00
db:VULHUBid:VHN-157592date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-004354date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201904-947date:2019-10-24T00:00:00
db:NVDid:CVE-2019-6157date:2024-11-21T04:46:02.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13089date:2019-05-05T00:00:00
db:VULHUBid:VHN-157592date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2019-004354date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201904-947date:2019-04-19T00:00:00
db:NVDid:CVE-2019-6157date:2019-04-22T16:29:02.037