CVE-2019-6193

EPSS 0.34%
Veröffentlicht 14.02.2020 17:15:13
Zuletzt bearbeitet 21.11.2024 04:46:08
Quelle psirt@lenovo.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Xclarity Administrator Version < 2.6.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.563

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@lenovo.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.lenovo.com/us/en/product_security/LEN-29477

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6193

EUVD