Skip to main content

Xclarity Administrator CVE-2019-6158

MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2019-05-03 psirt@lenovo.com
5.9
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 03, 2019 - 20:29 nvd
MEDIUM 5.9

DescriptionNVD

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

AnalysisAI

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-532. An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Affected products include: Lenovo Xclarity Administrator.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-8233 CRITICAL
9.8 Mar 01

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in

CVE-2017-3770 HIGH
8.8 Sep 22

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse

CVE-2018-9066 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstanc

CVE-2018-9064 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call

CVE-2023-34418 HIGH
8.1 Jun 26

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to

CVE-2017-3745 HIGH
7.8 Jun 20

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user

CVE-2023-3113 HIGH
7.5 Jun 26

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) ser

CVE-2019-6179 HIGH
7.5 Sep 03

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to vers

CVE-2018-9065 HIGH
7.5 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file

CVE-2023-34420 HIGH
7.2 Jun 26

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted call

CVE-2016-8221 HIGH
7.0 Jan 12

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or cha

CVE-2017-3763 MEDIUM
6.7 Sep 22

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of

Share

CVE-2019-6158 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy