Sign-up

ID

VAR-202002-0369


CVE

CVE-2019-6193


TITLE

Lenovo XClarity Administrator Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014619

DESCRIPTION

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. Lenovo XClarity Administrator (LXCA) There is an information leakage vulnerability in.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more

Trust: 1.71

sources: NVD: CVE-2019-6193 // JVNDB: JVNDB-2019-014619 // VULHUB: VHN-157628

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity administratorscope:ltversion:2.6.6

Trust: 1.0

vendor:lenovomodel:xclarity administratorscope:eqversion:2.6.6

Trust: 0.8

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.3

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:2.5.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:2.4.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2019-014619 // CNNVD: CNNVD-202002-809 // NVD: CVE-2019-6193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6193
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2019-6193
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014619
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-809
value: HIGH

Trust: 0.6

VULHUB: VHN-157628
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014619
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-157628
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6193
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-014619
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157628 // JVNDB: JVNDB-2019-014619 // CNNVD: CNNVD-202002-809 // NVD: CVE-2019-6193 // NVD: CVE-2019-6193

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-157628 // JVNDB: JVNDB-2019-014619 // NVD: CVE-2019-6193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-809

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202002-809

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014619

PATCH
title:LEN-29477url:https://support.lenovo.com/us/en/product_security/LEN-29477
Trust: 0.8
title:Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110530
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-014619 // 
            
            
            
            CNNVD: CNNVD-202002-809

EXTERNAL IDS
db:NVDid:CVE-2019-6193
Trust: 2.5
db:LENOVOid:LEN-29477
Trust: 1.7
db:JVNDBid:JVNDB-2019-014619
Trust: 0.8
db:CNNVDid:CNNVD-202002-809
Trust: 0.7
db:CNVDid:CNVD-2020-09986
Trust: 0.1
db:VULHUBid:VHN-157628
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157628 // 
            
            
            
            JVNDB: JVNDB-2019-014619 // 
            
            
            
            CNNVD: CNNVD-202002-809 // 
            
            
            
            NVD: CVE-2019-6193

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-29477
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6193
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-6193
Trust: 0.8
sources:
            
            
            VULHUB: VHN-157628 // 
            
            
            
            JVNDB: JVNDB-2019-014619 // 
            
            
            
            CNNVD: CNNVD-202002-809 // 
            
            
            
            NVD: CVE-2019-6193

SOURCES
db:VULHUBid:VHN-157628
db:JVNDBid:JVNDB-2019-014619
db:CNNVDid:CNNVD-202002-809
db:NVDid:CVE-2019-6193

LAST UPDATE DATE
2024-11-23T21:51:40.745000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157628date:2020-02-24T00:00:00
db:JVNDBid:JVNDB-2019-014619date:2020-03-05T00:00:00
db:CNNVDid:CNNVD-202002-809date:2020-03-03T00:00:00
db:NVDid:CVE-2019-6193date:2024-11-21T04:46:08.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-157628date:2020-02-14T00:00:00
db:JVNDBid:JVNDB-2019-014619date:2020-03-05T00:00:00
db:CNNVDid:CNNVD-202002-809date:2020-02-14T00:00:00
db:NVDid:CVE-2019-6193date:2020-02-14T17:15:13.003