CVE-2019-6179

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://support.lenovo.com/solutions/LEN-27805	Vendor Advisory
https://support.lenovo.com/solutions/LEN-27805	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lenovo:xclarity_administrator::::::::
	cpe:2.3:a:lenovo:xclarity_integrator::::::vcenter::*
	cpe:2.3:a:lenovo:xclarity_integrator::::::scvmm::*

History

No history.

Information

Published : 2019-09-03 19:15

Updated : 2024-11-21 04:46

NVD link : CVE-2019-6179

Mitre link : CVE-2019-6179

CVE.ORG link : CVE-2019-6179

JSON object : View

Products Affected

lenovo

xclarity_administrator
xclarity_integrator

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2019-6179", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-03T19:15:10.647", "references": [{"url": "https://support.lenovo.com/solutions/LEN-27805", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/solutions/LEN-27805", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure."}, {"lang": "es", "value": "Se informo de una vulnerabilidad de procesamiento de XEE (XML External Entity) en Lenovo XClarity Administrator (LXCA) en versiones anteriores a la 2.5.0, Lenovo XClarity Integrator (LXCI) para Microsoft System Center en versiones anteriores a la 7.7.0, y Lenovo XClarity Integrator (LXCI) para VMWare vCenter en versiones anteriores a la 6.1.0 que podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T04:46:06.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "661DC48D-6DFC-4B7E-AF89-DA9FF17E1045", "versionEndExcluding": "2.5.0"}, {"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*", "vulnerable": true, "matchCriteriaId": "F7D8319D-3128-46B0-8EA3-07DDB9000CC6", "versionEndExcluding": "6.1.0"}, {"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*", "vulnerable": true, "matchCriteriaId": "3DCDFDA5-708B-4E60-87D9-7DF71BFDF52D", "versionEndExcluding": "7.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@lenovo.com"}