fkie_cve-2019-6195
Vulnerability from fkie_nvd
Published
2020-02-14 17:15
Modified
2024-11-21 04:46
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE",
"versionEndExcluding": "3.01_tei392o",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
"matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E",
"versionEndExcluding": "3.08_cdi340v",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3",
"versionEndExcluding": "1.71_psi328n",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."
},
{
"lang": "es",
"value": "Se presenta una omisi\u00f3n de autorizaci\u00f3n en Lenovo XClarity Controller (XCC) versiones anteriores a 3.08 CDI340V, versi\u00f3n 3.01 TEI392O, versi\u00f3n 1.71 PSI328N, donde un usuario autenticado v\u00e1lido con privilegios menores puede tener acceso de solo de lectura a informaci\u00f3n con privilegios superiores si 1) \"LDAP Authentication Only with Local Authorization\u201d es configurado y utilizado por XCC, y 2) un usuario con menos privilegios inicia sesi\u00f3n en XCC dentro de 1 minuto despu\u00e9s de que un usuario con mayor privilegio cierre sesi\u00f3n. La omisi\u00f3n de autorizaci\u00f3n no se presenta cuando los modos \u201cLocal Authentication and Authorization\u201d o \u201cLDAP Authentication and Authorization\u201d son configurados y utilizados por XCC."
}
],
"id": "CVE-2019-6195",
"lastModified": "2024-11-21T04:46:09.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-14T17:15:13.223",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-29116"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…