Details of VAR-201909-0027

ID

VAR-201909-0027

CVE

CVE-2019-6179

TITLE

Lenovo XClarity Administrator and Lenovo XClarity Integrator In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-008883

DESCRIPTION

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. Security vulnerabilities exist in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter. An attacker could exploit this vulnerability to disclose information

Trust: 1.71

sources: NVD: CVE-2019-6179 // JVNDB: JVNDB-2019-008883 // VULHUB: VHN-157614

AFFECTED PRODUCTS

vendor:	lenovo	model:	xclarity administrator	scope:	lt	version:	2.5.0	Trust: 1.8
vendor:	lenovo	model:	xclarity integrator	scope:	lt	version:	6.1.0	Trust: 1.0
vendor:	lenovo	model:	xclarity integrator	scope:	lt	version:	7.7.0	Trust: 1.0
vendor:	lenovo	model:	xclarity integrator	scope:	lt	version:	for microsoft system center 7.7.0	Trust: 0.8
vendor:	lenovo	model:	xclarity integrator	scope:	lt	version:	for vmware vcenter 6.1.0	Trust: 0.8

sources: JVNDB: JVNDB-2019-008883 // NVD: CVE-2019-6179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6179
value:	HIGH
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6179
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6179
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-048
value:	HIGH
Trust: 0.6
VULHUB:	VHN-157614
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6179
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-157614
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6179
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6179
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	CVE-2019-6179
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-157614 // JVNDB: JVNDB-2019-008883 // CNNVD: CNNVD-201909-048 // NVD: CVE-2019-6179 // NVD: CVE-2019-6179

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-157614 // JVNDB: JVNDB-2019-008883 // NVD: CVE-2019-6179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-048

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008883

PATCH

title:	LEN-27805	url:	https://support.lenovo.com/solutions/LEN-27805	Trust: 0.8
title:	Lenovo XClarity Administrator , Lenovo XClarity Integrator for Microsoft System Center and Lenovo XClarity Integrator for VMWare vCenter Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97813	Trust: 0.6

sources: JVNDB: JVNDB-2019-008883 // CNNVD: CNNVD-201909-048

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6179	Trust: 2.5
db:	LENOVO	id:	LEN-27805	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-008883	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-048	Trust: 0.7
db:	VULHUB	id:	VHN-157614	Trust: 0.1

sources: VULHUB: VHN-157614 // JVNDB: JVNDB-2019-008883 // CNNVD: CNNVD-201909-048 // NVD: CVE-2019-6179

REFERENCES

url:	https://support.lenovo.com/solutions/len-27805	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6179	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6179	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-27805	Trust: 0.6

sources: VULHUB: VHN-157614 // JVNDB: JVNDB-2019-008883 // CNNVD: CNNVD-201909-048 // NVD: CVE-2019-6179

SOURCES

db:	VULHUB	id:	VHN-157614
db:	JVNDB	id:	JVNDB-2019-008883
db:	CNNVD	id:	CNNVD-201909-048
db:	NVD	id:	CVE-2019-6179

LAST UPDATE DATE

2024-11-23T21:59:42.611000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157614	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-008883	date:	2019-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201909-048	date:	2019-09-06T00:00:00
db:	NVD	id:	CVE-2019-6179	date:	2024-11-21T04:46:06.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157614	date:	2019-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-008883	date:	2019-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201909-048	date:	2019-09-03T00:00:00
db:	NVD	id:	CVE-2019-6179	date:	2019-09-03T19:15:10.647