ID

VAR-202003-1772


CVE

CVE-2019-19756


TITLE

Lenovo XClarity Administrator vulnerability regarding information leakage from log files

Trust: 0.8

sources: JVNDB: JVNDB-2019-014954

DESCRIPTION

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. Lenovo XClarity Administrator (LXCA) contains a vulnerability related to information leakage from log files. Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from the Chinese company Lenovo. The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information.

Trust: 1.71

sources: NVD: CVE-2019-19756 // JVNDB: JVNDB-2019-014954 // VULHUB: VHN-152234

AFFECTED PRODUCTS

vendor: lenovo, model: xclarity administrator, scope: eq, version: 2.6.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-014954 // NVD: CVE-2019-19756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19756
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-19756
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014954
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-521
value: MEDIUM

Trust: 0.6

VULHUB: VHN-152234
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-19756
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014954
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-152234
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19756
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-19756
baseSeverity: HIGH
baseScore: 7.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014954
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-152234 // JVNDB: JVNDB-2019-014954 // CNNVD: CNNVD-202003-521 // NVD: CVE-2019-19756 // NVD: CVE-2019-19756

PROBLEMTYPE DATA

problemtype: CWE-532

Trust: 1.9

sources: VULHUB: VHN-152234 // JVNDB: JVNDB-2019-014954 // NVD: CVE-2019-19756

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-521

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202003-521

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014954

PATCH

title: LEN-29942, url: https://support.lenovo.com/us/en/product_security/LEN-29942

Trust: 0.8

title: Lenovo XClarity Administrator Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112230

Trust: 0.6

sources: JVNDB: JVNDB-2019-014954 // CNNVD: CNNVD-202003-521

EXTERNAL IDS

db: NVD, id: CVE-2019-19756

Trust: 2.5

db: LENOVO, id: LEN-29942

Trust: 1.7

db: JVNDB, id: JVNDB-2019-014954

Trust: 0.8

db: CNNVD, id: CNNVD-202003-521

Trust: 0.7

db: CNVD, id: CNVD-2020-19571

Trust: 0.1

db: VULHUB, id: VHN-152234

Trust: 0.1

sources: VULHUB: VHN-152234 // JVNDB: JVNDB-2019-014954 // CNNVD: CNNVD-202003-521 // NVD: CVE-2019-19756

REFERENCES

url: https://support.lenovo.com/us/en/product_security/len-29942

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-19756

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19756

Trust: 0.8

sources: VULHUB: VHN-152234 // JVNDB: JVNDB-2019-014954 // CNNVD: CNNVD-202003-521 // NVD: CVE-2019-19756

SOURCES

db: VULHUB, id: VHN-152234
db: JVNDB, id: JVNDB-2019-014954
db: CNNVD, id: CNNVD-202003-521
db: NVD, id: CVE-2019-19756

LAST UPDATE DATE

2024-11-23T23:01:29.295000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-152234, date: 2021-11-02T00:00:00
db: JVNDB, id: JVNDB-2019-014954, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-521, date: 2022-03-22T00:00:00
db: NVD, id: CVE-2019-19756, date: 2024-11-21T04:35:19.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-152234, date: 2020-03-13T00:00:00
db: JVNDB, id: JVNDB-2019-014954, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-521, date: 2020-03-10T00:00:00
db: NVD, id: CVE-2019-19756, date: 2020-03-13T16:15:11.970