CVE-2019-6179

🗓️ 03 Sep 2019 18:50:10Reported by lenovoType

XML External Entity (XXE) vulnerability in Lenovo XClarity products

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the Lenovo XClarity Administrator and Lenovo XClarity Integrator software in resource management lies in the improper limitation of XML references to external objects. This allows attackers to disclose sensitive information that should be protected.	13 Jan 202000:00	–	bdu_fstec
CVE	CVE-2019-6179	3 Sep 201918:50	–	cve
EUVD	EUVD-2019-15746	7 Oct 202500:30	–	euvd
Lenovo	LXCA and LXCI Insufficient Input Validation - Lenovo Support US	30 Aug 201915:29	–	lenovo
Lenovo	LXCA and LXCI Insufficient Input Validation - US	30 Aug 201915:29	–	lenovo
NVD	CVE-2019-6179	3 Sep 201919:15	–	nvd
Prion	Xxe	3 Sep 201919:15	–	prion
Positive Technologies	PT-2019-4348 · Microsoft +2 · System Center +4	3 Sep 201900:00	–	ptsecurity

[
  {
    "product": "XClarity Administrator (LXCA)",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "2.5.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "XClarity Integrator (LXCI) for Microsoft System Center",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "7.7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "XClarity Integrator (LXCI) for VMware vCenter",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "6.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
support	www.support.lenovo.com/solutions/LEN-27805

03 Sep 2019 18:50Current

7.2High risk

Vulners AI Score7.2

CVSS 35.3

EPSS0.01358