- Description
- LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
- Source
- psirt@lenovo.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- CWE-434
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:scvmm:*:*",
"vulnerable": true,
"matchCriteriaId": "6415AB74-5196-4EEA-A2EC-71EFA00F4BA1",
"versionEndExcluding": "3.5"
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_integrator:*:*:*:*:*:vcenter:*:*",
"vulnerable": true,
"matchCriteriaId": "C9E02957-A40D-4606-BF38-2DC66446F81B",
"versionEndExcluding": "5.5"
}
],
"operator": "OR"
}
]
}
]