LenovoCVELIST:CVE-2019-6195CVE-2019-6195
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.6%
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
CNA Affected
[
{
"product": "XClarity Controller (XCC)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.08 CDI340V",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.01 TEI392O",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "1.71 PSI328N",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.6%