Lenovo Security Advisory: LEN-29477
Potential Impact: Information disclosure, code execution
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2019-6193, CVE-2019-6194, CVE-2019-19757
CVE-2019-6193: An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
CVE-2019-6194: An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) that could allow information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your LXCA installation to version 2.6.6 or later.
LXCA 2.6.6 Fix Bundle: <https://datacentersupport.lenovo.com/us/en/solutions/HT509677>
LXCA Updates: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd>
Revision History:
Revision | Date | Description
2 | 2020-02-12 | Clarified installation instructions.
1 | 2020-02-11 | Initial release
For the most up-to-date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.