Sensitive Credential Exposure in Lenovo XClarity Administrator
CVE-2019-6158

8.7HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator
Vendor: CVE Published:; 2 May 2019

What is CVE-2019-6158?

An internal security audit of Lenovo XClarity Administrator (LXCA) revealed that HTTP proxy credentials can be stored in clear text within log files, exposing sensitive information when configured. This vulnerability affects LXCA versions from 2.0.0 through 2.3.x, potentially allowing unauthorized access to these credentials if proper security measures are not in place.

Affected Version(s)

Lenovo XClarity Administrator < 2.3.x

Lenovo XClarity Administrator < 2.0.0

References

https://support.lenovo.com/solutions/LEN-26141

x_refsource_MISC

http://www.securityfocus.com/bid/108165

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2019
Vulnerability Reserved
Jan 11, 2019