CVE-2019-6158

8.7HIGH

Key Information:

Vendor
Lenovo
Status
Lenovo Xclarity Administrator
Vendor
CVE Published:
2 May 2019

Summary

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

Affected Version(s)

Lenovo XClarity Administrator < 2.3.x

Lenovo XClarity Administrator < 2.0.0

References

https://support.lenovo.com/solutions/LEN-26141
x_refsource_MISC
http://www.securityfocus.com/bid/108165
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.