admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-61xx/CVE-2019-6195.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

398 lines
15 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-6195",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2020-02-14T17:15:13.223",
"lastModified": "2020-03-04T18:26:14.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
},
{
"lang": "es",
"value": "Se presenta una omisi\u00f3n de autorizaci\u00f3n en Lenovo XClarity Controller (XCC) versiones anteriores a 3.08 CDI340V, versi\u00f3n 3.01 TEI392O, versi\u00f3n 1.71 PSI328N, donde un usuario autenticado v\u00e1lido con privilegios menores puede tener acceso de solo de lectura a informaci\u00f3n con privilegios superiores si 1) \"LDAP Authentication Only with Local Authorization\u201d es configurado y utilizado por XCC, y 2) un usuario con menos privilegios inicia sesi\u00f3n en XCC dentro de 1 minuto despu\u00e9s de que un usuario con mayor privilegio cierre sesi\u00f3n. La omisi\u00f3n de autorizaci\u00f3n no se presenta cuando los modos \u201cLocal Authentication and Authorization\u201d o \u201cLDAP Authentication and Authorization\u201d son configurados y utilizados por XCC."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "psirt@lenovo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.01_tei392o",
"matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.08_cdi340v",
"matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.71_psi328n",
"matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75"
}
]
}
]
}
],
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116",
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink