Search criteria
8 vulnerabilities found for xclarity_integrator by lenovo
CVE-2019-6179 (GCVE-0-2019-6179)
Vulnerability from nvd – Published: 2019-09-03 18:50 – Updated: 2024-09-16 21:02
VLAI?
Summary
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
Severity ?
5.3 (Medium)
CWE
- information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | XClarity Administrator (LXCA) |
Affected:
unspecified , < 2.5.0
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Lenovo thanks USD AG for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Administrator (LXCA)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.7.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for VMware vCenter",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"datePublic": "2019-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:50:10",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"solutions": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.5.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "7.7.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for VMware vCenter",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27805",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6179",
"datePublished": "2019-09-03T18:50:10.921568Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T21:02:44.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9072 (GCVE-0-2018-9072)
Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 07:17
VLAI?
Title
LXCI for VMware
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9072",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9072",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16097 (GCVE-0-2018-16097)
Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
VLAI?
Title
LXCI for VMware and LXCI for Microsoft System Center
Summary
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
Severity ?
No CVSS data available.
CWE
- file system modification
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "LXCI for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "file system modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware and LXCI for Microsoft System Center",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16097",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
},
{
"product_name": "LXCI for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file system modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16097",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16093 (GCVE-0-2018-16093)
Vulnerability from nvd – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
VLAI?
Title
LXCI for VMware
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
Severity ?
No CVSS data available.
CWE
- information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16093",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16093",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6179 (GCVE-0-2019-6179)
Vulnerability from cvelistv5 – Published: 2019-09-03 18:50 – Updated: 2024-09-16 21:02
VLAI?
Summary
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
Severity ?
5.3 (Medium)
CWE
- information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | XClarity Administrator (LXCA) |
Affected:
unspecified , < 2.5.0
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Lenovo thanks USD AG for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XClarity Administrator (LXCA)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.7.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "XClarity Integrator (LXCI) for VMware vCenter",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"datePublic": "2019-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:50:10",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
],
"solutions": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.5.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "7.7.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for VMware vCenter",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27805",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6179",
"datePublished": "2019-09-03T18:50:10.921568Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T21:02:44.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9072 (GCVE-0-2018-9072)
Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 07:17
VLAI?
Title
LXCI for VMware
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9072",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9072",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16093 (GCVE-0-2018-16093)
Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
VLAI?
Title
LXCI for VMware
Summary
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
Severity ?
No CVSS data available.
CWE
- information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16093",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16093",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16097 (GCVE-0-2018-16097)
Vulnerability from cvelistv5 – Published: 2018-11-30 14:00 – Updated: 2024-08-05 10:17
VLAI?
Title
LXCI for VMware and LXCI for Microsoft System Center
Summary
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
Severity ?
No CVSS data available.
CWE
- file system modification
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | LXCI for VMware |
Affected:
unspecified , < 5.5
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXCI for VMware",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "LXCI for Microsoft System Center",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "file system modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
],
"solutions": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
},
"title": "LXCI for VMware and LXCI for Microsoft System Center",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-16097",
"STATE": "PUBLIC",
"TITLE": "LXCI for VMware and LXCI for Microsoft System Center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXCI for VMware",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.5"
}
]
}
},
{
"product_name": "LXCI for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.5"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file system modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-16097",
"datePublished": "2018-11-30T14:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}