Details of VAR-201905-0018

ID

VAR-201905-0018

CVE

CVE-2019-6158

TITLE

Lenovo XClarity Administrator Log Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-14825 // CNNVD: CNNVD-201905-100

DESCRIPTION

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Lenovo XClarity Administrator (LXCA) Contains a vulnerability related to information disclosure from log files.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions for Lenovo, China. This product can provide agentless hardware management functions for servers, storage, network switches, etc. The vulnerability originates from abnormal output of log files of network systems or products. An attacker could use this vulnerability to obtain sensitive information on the website. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability

Trust: 2.52

sources: NVD: CVE-2019-6158 // JVNDB: JVNDB-2019-003854 // CNVD: CNVD-2019-14825 // BID: 108165 // VULHUB: VHN-157593

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-14825

AFFECTED PRODUCTS

vendor:	lenovo	model:	xclarity administrator	scope:	lt	version:	2.4.0	Trust: 1.0
vendor:	lenovo	model:	xclarity administrator	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.0.0 to 2.3.x	Trust: 0.8
vendor:	lenovo	model:	xclarity administrator	scope:	gte	version:	2.0.0,<=2.3.*	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.3	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.2	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.0	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	ne	version:	2.4	Trust: 0.3

sources: CNVD: CNVD-2019-14825 // BID: 108165 // JVNDB: JVNDB-2019-003854 // NVD: CVE-2019-6158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6158
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6158
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6158
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-14825
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-100
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157593
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6158
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14825
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-157593
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6158
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8
psirt@lenovo.com:	CVE-2019-6158
baseSeverity:	HIGH
baseScore:	8.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	5.8
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2019-14825 // VULHUB: VHN-157593 // JVNDB: JVNDB-2019-003854 // CNNVD: CNNVD-201905-100 // NVD: CVE-2019-6158 // NVD: CVE-2019-6158

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-157593 // JVNDB: JVNDB-2019-003854 // NVD: CVE-2019-6158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-100

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201905-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003854

PATCH

title:	LEN-26141	url:	https://support.lenovo.com/solutions/LEN-26141	Trust: 0.8
title:	Patch for Lenovo XClarity Administrator Log Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/161655	Trust: 0.6
title:	Lenovo XClarity Administrator Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92225	Trust: 0.6

sources: CNVD: CNVD-2019-14825 // JVNDB: JVNDB-2019-003854 // CNNVD: CNNVD-201905-100

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6158	Trust: 3.4
db:	BID	id:	108165	Trust: 2.6
db:	LENOVO	id:	LEN-26141	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003854	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-100	Trust: 0.7
db:	CNVD	id:	CNVD-2019-14825	Trust: 0.6
db:	NSFOCUS	id:	43227	Trust: 0.6
db:	VULHUB	id:	VHN-157593	Trust: 0.1

sources: CNVD: CNVD-2019-14825 // VULHUB: VHN-157593 // BID: 108165 // JVNDB: JVNDB-2019-003854 // CNNVD: CNNVD-201905-100 // NVD: CVE-2019-6158

REFERENCES

url:	http://www.securityfocus.com/bid/108165	Trust: 2.3
url:	https://support.lenovo.com/solutions/len-26141	Trust: 1.7
url:	https://support.lenovo.com/us/en/solutions/len-26141	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6158	Trust: 1.4
url:	http://www.lenovo.com/ca/en/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6158	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-6158	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43227	Trust: 0.6

sources: CNVD: CNVD-2019-14825 // VULHUB: VHN-157593 // BID: 108165 // JVNDB: JVNDB-2019-003854 // CNNVD: CNNVD-201905-100 // NVD: CVE-2019-6158

CREDITS

Lenovo,Lenovo ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201905-100

SOURCES

db:	CNVD	id:	CNVD-2019-14825
db:	VULHUB	id:	VHN-157593
db:	BID	id:	108165
db:	JVNDB	id:	JVNDB-2019-003854
db:	CNNVD	id:	CNNVD-201905-100
db:	NVD	id:	CVE-2019-6158

LAST UPDATE DATE

2024-11-23T22:12:05.863000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-14825	date:	2019-05-21T00:00:00
db:	VULHUB	id:	VHN-157593	date:	2019-10-09T00:00:00
db:	BID	id:	108165	date:	2019-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-003854	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-100	date:	2019-08-29T00:00:00
db:	NVD	id:	CVE-2019-6158	date:	2024-11-21T04:46:03.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-14825	date:	2019-05-21T00:00:00
db:	VULHUB	id:	VHN-157593	date:	2019-05-03T00:00:00
db:	BID	id:	108165	date:	2019-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-003854	date:	2019-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201905-100	date:	2019-05-02T00:00:00
db:	NVD	id:	CVE-2019-6158	date:	2019-05-03T20:29:01.387