CVE-2019-6179

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.

Published : 2019-09-03 19:15 Updated : 2019-10-09 23:51

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Lenovo Xclarity Administrator 1.0.1 cpe:/a:lenovo:xclarity_administrator:1.0.1
Lenovo Xclarity Administrator 1.0.3 cpe:/a:lenovo:xclarity_administrator:1.0.3
Lenovo Xclarity Administrator 1.1.0 cpe:/a:lenovo:xclarity_administrator:1.1.0
Lenovo Xclarity Administrator 1.1.1 cpe:/a:lenovo:xclarity_administrator:1.1.1
Lenovo Xclarity Administrator 1.2.1 cpe:/a:lenovo:xclarity_administrator:1.2.1
Lenovo Xclarity Administrator 1.2.2 cpe:/a:lenovo:xclarity_administrator:1.2.2
Lenovo Xclarity Administrator 1.3.0 cpe:/a:lenovo:xclarity_administrator:1.3.0
Lenovo Xclarity Administrator 1.3.1 cpe:/a:lenovo:xclarity_administrator:1.3.1
Lenovo Xclarity Administrator 1.3.2 cpe:/a:lenovo:xclarity_administrator:1.3.2
Lenovo Xclarity Administrator 1.4.0 cpe:/a:lenovo:xclarity_administrator:1.4.0
Lenovo Xclarity Administrator 2.0.0 cpe:/a:lenovo:xclarity_administrator:2.0.0
Lenovo Xclarity Administrator 2.1.0 cpe:/a:lenovo:xclarity_administrator:2.1.0
  1. Lenovo (1) Search CVE
    1. Xclarity Administrator (12) Search CVE
      1. 1.0.1
      2. 1.0.3
      3. 1.1.0
      4. 1.1.1
      5. 1.2.1
      6. 1.2.2
      7. 1.3.0
      8. 1.3.1
      9. 1.3.2
      10. 1.4.0
      11. 2.0.0
      12. 2.1.0

CWE

ID Name Description Links
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. CVE

History of changes

Date Event
2019-09-05 16:19
2019-09-03 19:25

New CVE