LENOVO:PS500270-LXCA-AND-LXCI-INSUFFICIENT-INPUT-VALIDATION-NOSID
History: Aug 30, 2019 - 3:29 p.m.

LXCA and LXCI Insufficient Input Validation - Lenovo Support US

2019-08-30 15:29:16
support.lenovo.com
7

EPSS: 0.002 (Low), Percentile: 53.9%

Lenovo Security Advisory: LEN-27805

**Potential Impact:** Information disclosure, code execution

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-6179, CVE-2019-6180, CVE-2019-6181, CVE-2019-6182

Summary Description:

Vulnerabilities reported in Lenovo XClarity Administrator (LXCA) and Lenovo XClarity Integrator (LXCI) could allow information disclosure or code execution.

CVE-2019-6179

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) and Lenovo XClarity Integrator (LXCI) that could allow information disclosure.

CVE-2019-6180

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user’s web browser. The JavaScript code is not executed on LXCA itself.

CVE-2019-6181

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user’s web browser. The JavaScript code is not executed on LXCA itself.

CVE-2019-6182

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.
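
For CVE-2019-6182, one way to check a Jobs or Event Log CSV exported from an LXCA installation that has not yet been updated, before opening it in a spreadsheet application. This is an added example, not Lenovo's code: it flags cells a spreadsheet may evaluate as formulas and writes a neutralized copy. The column names and rows in `SAMPLE_EXPORT` are constructed and do not reflect the actual LXCA export layout.

```python
import csv
import io

# Leading characters a spreadsheet application may treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample; the real LXCA export columns are not given in the advisory.
SAMPLE_EXPORT = (
    "Severity,Source,Message,Delta\n"
    'Informational,job-17,"=SUM(1,2)",-5\n'
    'Warning,audit,@note from operator,+3.5\n'
    "Informational,job-18,Firmware update completed,0\n"
)


def is_plain_number(cell):
    """True for values such as -5 or +3.5, which are data rather than formulas."""
    try:
        float(cell)
        return True
    except ValueError:
        return False


def is_risky(cell):
    """True when a spreadsheet may evaluate the cell instead of displaying it."""
    return cell.startswith(FORMULA_TRIGGERS) and not is_plain_number(cell)


def scan(csv_text):
    """Return (row number, column name, value) for every risky data cell."""
    rows = list(csv.reader(io.StringIO(csv_text, newline="")))
    header = rows[0] if rows else []
    return [(n, header[i] if i < len(header) else f"column {i + 1}", cell)
            for n, row in enumerate(rows[1:], start=2)
            for i, cell in enumerate(row) if is_risky(cell)]


def neutralize(csv_text):
    """Return a copy in which risky cells start with a single quote (shown as text)."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        writer.writerow(["'" + cell if is_risky(cell) else cell for cell in row])
    return out.getvalue()


if __name__ == "__main__":
    print(scan(SAMPLE_EXPORT))
    print(neutralize(SAMPLE_EXPORT))
```

Signed numbers such as `-5` are left untouched so that numeric columns are not reported as false positives.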

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your LXCA installation to version 2.5.0 or later.

Update LXCI for Microsoft System Center to version 7.7.0 or later.

Update LXCI for VMware vCenter to version 6.1.0 or later.

Acknowledgement:

CVE-2019-6179: Lenovo thanks USD AG for reporting this issue.


Revision History:

Revision | Date | Description
---|---|---
1 | 2019-09-03 | Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
