CVE-2019-6195

{"id": "CVE-2019-6195", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-02-14T17:15:13.223", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-29116", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-29116", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-264"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) \u201cLDAP Authentication Only with Local Authorization\u201d mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when \u201cLocal Authentication and Authorization\u201d or \u201cLDAP Authentication and Authorization\u201d modes are configured and used by XCC."}, {"lang": "es", "value": "Se presenta una omisi\u00f3n de autorizaci\u00f3n en Lenovo XClarity Controller (XCC) versiones anteriores a 3.08 CDI340V, versi\u00f3n 3.01 TEI392O, versi\u00f3n 1.71 PSI328N, donde un usuario autenticado v\u00e1lido con privilegios menores puede tener acceso de solo de lectura a informaci\u00f3n con privilegios superiores si 1) \"LDAP Authentication Only with Local Authorization\u201d es configurado y utilizado por XCC, y 2) un usuario con menos privilegios inicia sesi\u00f3n en XCC dentro de 1 minuto despu\u00e9s de que un usuario con mayor privilegio cierre sesi\u00f3n. La omisi\u00f3n de autorizaci\u00f3n no se presenta cuando los modos \u201cLocal Authentication and Authorization\u201d o \u201cLDAP Authentication and Authorization\u201d son configurados y utilizados por XCC."}], "lastModified": "2024-11-21T04:46:09.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE", "versionEndExcluding": "3.01_tei392o"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E", "versionEndExcluding": "3.08_cdi340v"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962"}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3", "versionEndExcluding": "1.71_psi328n"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}