Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ThinkAgile CP-SB by Lenovo
CVE-2019-6161 (GCVE-0-2019-6161)
Vulnerability from nvd – Published: 2019-09-26 15:22 – Updated: 2024-09-17 01:37
VLAI
EPSS
VEX
Summary
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
Severity
No CVSS data available.
CWE
- unauthorized access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/solutions/LEN-26957 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkAgile CP-SB |
Affected:
unspecified , < 1908.M
(custom)
|
Date Public
2019-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkAgile CP-SB",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1908.M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:22:15.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the firmware version 1908.M (or newer)."
}
],
"source": {
"advisory": "LEN-26957",
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-6161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkAgile CP-SB",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1908.M"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-26957",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the firmware version 1908.M (or newer)."
}
],
"source": {
"advisory": "LEN-26957",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6161",
"datePublished": "2019-09-26T15:22:15.136Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:37:00.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6161 (GCVE-0-2019-6161)
Vulnerability from cvelistv5 – Published: 2019-09-26 15:22 – Updated: 2024-09-17 01:37
VLAI
EPSS
VEX
Summary
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
Severity
No CVSS data available.
CWE
- unauthorized access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/solutions/LEN-26957 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkAgile CP-SB |
Affected:
unspecified , < 1908.M
(custom)
|
Date Public
2019-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkAgile CP-SB",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1908.M",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:22:15.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the firmware version 1908.M (or newer)."
}
],
"source": {
"advisory": "LEN-26957",
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-6161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkAgile CP-SB",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1908.M"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-26957",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the firmware version 1908.M (or newer)."
}
],
"source": {
"advisory": "LEN-26957",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6161",
"datePublished": "2019-09-26T15:22:15.136Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:37:00.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}