ID

VAR-201909-0028


CVE

CVE-2019-6180


TITLE

Lenovo XClarity Administrator vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-008774

DESCRIPTION

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA, which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo (China). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a cross-site scripting vulnerability in Lenovo LXCA versions earlier than 2.5.0. A remote attacker could exploit this vulnerability to execute JavaScript code in the user's browser.

Trust: 1.71

sources: NVD: CVE-2019-6180 // JVNDB: JVNDB-2019-008774 // VULHUB: VHN-157615

AFFECTED PRODUCTS

vendor: lenovo, model: xclarity administrator, scope: lt, version: 2.5.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-008774 // NVD: CVE-2019-6180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6180
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-6180
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6180
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-050
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157615
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-6180
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157615
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

psirt@lenovo.com: CVE-2019-6180
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-6180
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-157615 // JVNDB: JVNDB-2019-008774 // CNNVD: CNNVD-201909-050 // NVD: CVE-2019-6180 // NVD: CVE-2019-6180

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-157615 // JVNDB: JVNDB-2019-008774 // NVD: CVE-2019-6180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-050

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201909-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008774

PATCH

title: Lenovo XClarity Administrator, url: https://www.lenovo.com/jp/ja/data-center/software/systems-management/xclarity/

Trust: 0.8

title: Lenovo XClarity Administrator Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97815

Trust: 0.6

sources: JVNDB: JVNDB-2019-008774 // CNNVD: CNNVD-201909-050

EXTERNAL IDS

db: NVD, id: CVE-2019-6180

Trust: 2.5

db: LENOVO, id: LEN-27805

Trust: 1.7

db: JVNDB, id: JVNDB-2019-008774

Trust: 0.8

db: CNNVD, id: CNNVD-201909-050

Trust: 0.7

db: VULHUB, id: VHN-157615

Trust: 0.1

sources: VULHUB: VHN-157615 // JVNDB: JVNDB-2019-008774 // CNNVD: CNNVD-201909-050 // NVD: CVE-2019-6180

REFERENCES

url: https://support.lenovo.com/solutions/len-27805

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-6180

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6180

Trust: 0.8

url: https://support.lenovo.com/us/en/product_security/len-27805

Trust: 0.6

sources: VULHUB: VHN-157615 // JVNDB: JVNDB-2019-008774 // CNNVD: CNNVD-201909-050 // NVD: CVE-2019-6180

SOURCES

db: VULHUB, id: VHN-157615
db: JVNDB, id: JVNDB-2019-008774
db: CNNVD, id: CNNVD-201909-050
db: NVD, id: CVE-2019-6180

LAST UPDATE DATE

2024-11-23T21:59:42.662000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-157615, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-008774, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201909-050, date: 2019-09-05T00:00:00
db: NVD, id: CVE-2019-6180, date: 2024-11-21T04:46:06.863

SOURCES RELEASE DATE

db: VULHUB, id: VHN-157615, date: 2019-09-03T00:00:00
db: JVNDB, id: JVNDB-2019-008774, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201909-050, date: 2019-09-03T00:00:00
db: NVD, id: CVE-2019-6180, date: 2019-09-03T19:15:10.710