admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE submission for LEN-27805

Browse Source 
populating CVE data for LEN-27805
This commit is contained in:
lenpsirt 2019-09-03 12:44:17 -04:00
parent d4de490ac4
commit 7a40202e63
No known key found for this signature in database
GPG Key ID: BBFC49008A1FEA3C
4 changed files with 372 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2019/6xxx/CVE-2019-6179.json
View File

@ -1,18 +1,117 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6179",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.5.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for Microsoft System Center",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.7.0"
}
]
}
},
{
"product_name": "XClarity Integrator (LXCI) for VMware vCenter",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks USD AG for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity (XXE) processing vulnerability was reported in various versions of Lenovo XClarity Administrator (LXCA) and Lenovo XClarity Integrator (LXCI) that could allow information disclosure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update your LXCA installation to version 2.5.0 or later.\n\nUpdate LXCI for Microsoft System Center to version 7.7.0 or later.\n\nUpdate LXCI for VMware vCenter to version 6.1.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}

101
2019/6xxx/CVE-2019-6180.json
View File

@ -1,18 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6180",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update your LXCA installation to version 2.5.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}

101
2019/6xxx/CVE-2019-6181.json
View File

@ -1,18 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6181",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update your LXCA installation to version 2.5.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}

101
2019/6xxx/CVE-2019-6182.json
View File

@ -1,18 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6182",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-03T16:00:00.000Z",
"ID": "CVE-2019-6182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27805"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update your LXCA installation to version 2.5.0 or later."
}
],
"source": {
"advisory": "LEN-27805",
"discovery": "UNKNOWN"
}
}