Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ThinkAgile CP-SB by Lenovo

    CVE-2019-6161 (GCVE-0-2019-6161)

    Vulnerability from nvd – Published: 2019-09-26 15:22 – Updated: 2024-09-17 01:37
    VLAI
    Summary
    An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
    Severity
    No CVSS data available.
    CWE
    • unauthorized access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo ThinkAgile CP-SB Affected: unspecified , < 1908.M (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-26957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ThinkAgile CP-SB",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1908.M",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unauthorized access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T15:22:15.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-26957"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the firmware version 1908.M (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-26957",
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-6161",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ThinkAgile CP-SB",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1908.M"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unauthorized access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-26957",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-26957"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the firmware version 1908.M (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-26957",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6161",
        "datePublished": "2019-09-26T15:22:15.136Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:37:00.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6161 (GCVE-0-2019-6161)

    Vulnerability from cvelistv5 – Published: 2019-09-26 15:22 – Updated: 2024-09-17 01:37
    VLAI
    Summary
    An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
    Severity
    No CVSS data available.
    CWE
    • unauthorized access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo ThinkAgile CP-SB Affected: unspecified , < 1908.M (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-26957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ThinkAgile CP-SB",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1908.M",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unauthorized access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T15:22:15.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-26957"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the firmware version 1908.M (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-26957",
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-6161",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ThinkAgile CP-SB",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1908.M"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unauthorized access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-26957",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-26957"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the firmware version 1908.M (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-26957",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6161",
        "datePublished": "2019-09-26T15:22:15.136Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:37:00.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }