- Added submission from Lenovo for LEN-23800 from 2018-11-29.

2025-07-29 05:56:59 +00:00 · 2018-11-30 08:30:15 -05:00 · 2018-11-30 08:30:15 -05:00 · 8b7657d453
commit 8b7657d453
parent c3526068a1
3 changed files with 185 additions and 9 deletions
--- a/2018/16xxx/CVE-2018-16093.json
+++ b/2018/16xxx/CVE-2018-16093.json
@ -1,8 +1,33 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@lenovo.com",
      "ID" : "CVE-2018-16093",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC",
+      "TITLE" : "LXCI for VMware"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "LXCI for VMware",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<",
+                                 "version_value" : "5.5"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Lenovo"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,8 +36,38 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file."
         }
      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "information disclosure"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "https://support.lenovo.com/us/en/solutions/LEN-23800"
+         }
+      ]
+   },
+   "solution" : [
+      {
+         "lang" : "eng",
+         "value" : "Update LXCI for VMware to version 5.5 or higher."
+      }
+   ],
+   "source" : {
+      "advisory" : "LEN-23800",
+      "discovery" : "INTERNAL"
   }
 }
--- a/2018/16xxx/CVE-2018-16097.json
+++ b/2018/16xxx/CVE-2018-16097.json
@ -1,8 +1,44 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@lenovo.com",
      "ID" : "CVE-2018-16097",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC",
+      "TITLE" : "LXCI for VMware and LXCI for Microsoft System Center"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "LXCI for VMware",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<",
+                                 "version_value" : "5.5"
+                              }
+                           ]
+                        }
+                     },
+                     {
+                        "product_name" : "LXCI for Microsoft System Center",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<",
+                                 "version_value" : "3.5"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Lenovo"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,8 +47,38 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate."
         }
      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "file system modification"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "https://support.lenovo.com/us/en/solutions/LEN-23800"
+         }
+      ]
+   },
+   "solution" : [
+      {
+         "lang" : "eng",
+         "value" : "Update LXCI for VMware to version 5.5 or higher.\nUpdate LXCI for Microsoft System Center to version 3.5 or higher."
+      }
+   ],
+   "source" : {
+      "advisory" : "LEN-23800",
+      "discovery" : "INTERNAL"
   }
 }
--- a/2018/9xxx/CVE-2018-9072.json
+++ b/2018/9xxx/CVE-2018-9072.json
@ -1,8 +1,33 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@lenovo.com",
      "ID" : "CVE-2018-9072",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC",
+      "TITLE" : "LXCI for VMware"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "LXCI for VMware",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<",
+                                 "version_value" : "5.5"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Lenovo"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,8 +36,38 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
         }
      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Privilege escalation"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "https://support.lenovo.com/us/en/solutions/LEN-23800"
+         }
+      ]
+   },
+   "solution" : [
+      {
+         "lang" : "eng",
+         "value" : "Update LXCI for VMware to version 5.5 or higher."
+      }
+   ],
+   "source" : {
+      "advisory" : "LEN-23800",
+      "discovery" : "INTERNAL"
   }
 }