Details of VAR-202002-0370

ID

VAR-202002-0370

CVE

CVE-2019-6194

TITLE

Lenovo XClarity Administrator In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014620

DESCRIPTION

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information

Trust: 1.71

sources: NVD: CVE-2019-6194 // JVNDB: JVNDB-2019-014620 // VULHUB: VHN-157629

AFFECTED PRODUCTS

vendor:	lenovo	model:	xclarity administrator	scope:	lt	version:	2.6.6	Trust: 1.0
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.6.6	Trust: 0.8
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.0.3	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.0.1	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.5.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.6.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.4.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	2.0.0	Trust: 0.6

sources: JVNDB: JVNDB-2019-014620 // CNNVD: CNNVD-202002-812 // NVD: CVE-2019-6194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6194
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6194
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-014620
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202002-812
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157629
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6194
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014620
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-157629
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6194
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6194
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014620
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-157629 // JVNDB: JVNDB-2019-014620 // CNNVD: CNNVD-202002-812 // NVD: CVE-2019-6194 // NVD: CVE-2019-6194

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-157629 // JVNDB: JVNDB-2019-014620 // NVD: CVE-2019-6194

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-812

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202002-812

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014620

PATCH

title:	LEN-29477	url:	https://support.lenovo.com/us/en/product_security/LEN-29477	Trust: 0.8
title:	Lenovo XClarity Administrator Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109147	Trust: 0.6

sources: JVNDB: JVNDB-2019-014620 // CNNVD: CNNVD-202002-812

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6194	Trust: 2.5
db:	LENOVO	id:	LEN-29477	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-014620	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-812	Trust: 0.7
db:	CNVD	id:	CNVD-2020-09988	Trust: 0.1
db:	VULHUB	id:	VHN-157629	Trust: 0.1

sources: VULHUB: VHN-157629 // JVNDB: JVNDB-2019-014620 // CNNVD: CNNVD-202002-812 // NVD: CVE-2019-6194

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-29477	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6194	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6194	Trust: 0.8

sources: VULHUB: VHN-157629 // JVNDB: JVNDB-2019-014620 // CNNVD: CNNVD-202002-812 // NVD: CVE-2019-6194

SOURCES

db:	VULHUB	id:	VHN-157629
db:	JVNDB	id:	JVNDB-2019-014620
db:	CNNVD	id:	CNNVD-202002-812
db:	NVD	id:	CVE-2019-6194

LAST UPDATE DATE

2024-11-23T21:51:40.770000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157629	date:	2020-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-014620	date:	2020-03-05T00:00:00
db:	CNNVD	id:	CNNVD-202002-812	date:	2020-02-24T00:00:00
db:	NVD	id:	CVE-2019-6194	date:	2024-11-21T04:46:09.003

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157629	date:	2020-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-014620	date:	2020-03-05T00:00:00
db:	CNNVD	id:	CNNVD-202002-812	date:	2020-02-14T00:00:00
db:	NVD	id:	CVE-2019-6194	date:	2020-02-14T17:15:13.143