XML External Entity Processing Vulnerability in Lenovo XClarity Products
CVE-2019-6179

5.3 MEDIUM

Summary

A vulnerability related to XML External Entity (XXE) processing was identified in Lenovo's XClarity Administrator and Integrator products. This vulnerability could allow attackers to exploit the way XML data is parsed, potentially leading to the disclosure of sensitive information. Affected products include Lenovo XClarity Administrator versions prior to 2.5.0, Lenovo XClarity Integrator for Microsoft System Center versions prior to 7.7.0, and Lenovo XClarity Integrator for VMware vCenter versions prior to 6.1.0. It is crucial for users to update their systems to mitigate the risk associated with this vulnerability.

Affected Version(s)

XClarity Administrator (LXCA) < 2.5.0

XClarity Integrator (LXCI) for Microsoft System Center < 7.7.0

XClarity Integrator (LXCI) for VMware vCenter < 6.1.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks USD AG for reporting this issue.