Vulnerability Details : CVE-2019-6179
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
Vulnerability category: XML external entity (XXE) injectionInformation leak
Products affected by CVE-2019-6179
- cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*
- cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6179
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
Lenovo Group Ltd. | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2019-6179
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-6179
-
https://support.lenovo.com/solutions/LEN-27805
LXCA and LXCI Insufficient Input Validation - USVendor Advisory
Jump to