Overview
- Description
- LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
- Source
- psirt@lenovo.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-434
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
"vulnerable": true,
"matchCriteriaId": "6415AB74-5196-4EEA-A2EC-71EFA00F4BA1",
"versionEndExcluding": "3.5"
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"vulnerable": true,
"matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
"versionEndExcluding": "5.5"
}
],
"operator": "OR"
}
]
}
]