ID

VAR-201909-0030


CVE

CVE-2019-6182


TITLE

Lenovo XClarity Administrator Injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-008960 // CNNVD: CNNVD-201909-052

DESCRIPTION

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, which could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on LXCA itself. Lenovo XClarity Administrator (LXCA) contains an injection vulnerability. Information may be tampered with. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo of China. The product provides agentless hardware management capabilities for servers, storage, network switches, and more. There is a CSV injection vulnerability in versions earlier than Lenovo LXCA 2.5.0.

Trust: 1.71

sources: NVD: CVE-2019-6182 // JVNDB: JVNDB-2019-008960 // VULHUB: VHN-157617

AFFECTED PRODUCTS

vendor: lenovo, model: xclarity administrator, scope: lt, version: 2.5.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-008960 // NVD: CVE-2019-6182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6182
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-6182
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6182
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157617
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6182
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157617
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6182
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-6182
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2019-6182
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157617 // JVNDB: JVNDB-2019-008960 // CNNVD: CNNVD-201909-052 // NVD: CVE-2019-6182 // NVD: CVE-2019-6182

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-157617 // JVNDB: JVNDB-2019-008960 // NVD: CVE-2019-6182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-052

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008960

PATCH

title: LEN-27805, url: https://support.lenovo.com/jp/ja/solutions/len-27805

Trust: 0.8

title: Lenovo XClarity Administrator Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=97817

Trust: 0.6

sources: JVNDB: JVNDB-2019-008960 // CNNVD: CNNVD-201909-052

EXTERNAL IDS

db: NVD, id: CVE-2019-6182

Trust: 2.5

db: LENOVO, id: LEN-27805

Trust: 1.7

db: JVNDB, id: JVNDB-2019-008960

Trust: 0.8

db: CNNVD, id: CNNVD-201909-052

Trust: 0.7

db: VULHUB, id: VHN-157617

Trust: 0.1

sources: VULHUB: VHN-157617 // JVNDB: JVNDB-2019-008960 // CNNVD: CNNVD-201909-052 // NVD: CVE-2019-6182

REFERENCES

url:https://support.lenovo.com/solutions/len-27805

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6182

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6182

Trust: 0.8

url:https://support.lenovo.com/us/en/product_security/len-27805

Trust: 0.6

sources: VULHUB: VHN-157617 // JVNDB: JVNDB-2019-008960 // CNNVD: CNNVD-201909-052 // NVD: CVE-2019-6182

SOURCES

db: VULHUB, id: VHN-157617
db: JVNDB, id: JVNDB-2019-008960
db: CNNVD, id: CNNVD-201909-052
db: NVD, id: CVE-2019-6182

LAST UPDATE DATE

2024-11-23T21:59:42.637000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-157617, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-008960, date: 2019-09-10T00:00:00
db: CNNVD, id: CNNVD-201909-052, date: 2022-10-17T00:00:00
db: NVD, id: CVE-2019-6182, date: 2024-11-21T04:46:07.093

SOURCES RELEASE DATE

db: VULHUB, id: VHN-157617, date: 2019-09-03T00:00:00
db: JVNDB, id: JVNDB-2019-008960, date: 2019-09-10T00:00:00
db: CNNVD, id: CNNVD-201909-052, date: 2019-09-03T00:00:00
db: NVD, id: CVE-2019-6182, date: 2019-09-03T19:15:10.837