CVE-2019-6195

Published Feb 14, 2020

Last updated 5 years ago

CVSS medium 4.8

Overview

Description: An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
Source: psirt@lenovo.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-269
psirt@lenovo.com: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1008B2EE-5CA0-44D3-A5E4-BD558AA954DE",
            "versionEndExcluding": "3.01_tei392o"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sd530:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2588DA2E-6E58-4FA2-9AA6-FC669C042197"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sd650_dwc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D32821FA-D82A-450D-BA5B-E020CD1BEDA8"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DB64709-93BA-43D8-A1DB-4CE405291430"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1DB0C393-2CB4-485F-93E2-2F28B19F9325"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C6334030-07E4-45F4-A233-4A37F77FC573"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr158:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D94182EE-10FE-4506-BDE0-06F4140923FC"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5B52AC1-714E-4217-8599-80D99E0D33B3"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr258:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB19D273-4975-4957-AE94-117B607CD746"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19771143-D5F1-4F2F-AB83-09913894681E"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EAF08144-ECCB-477B-A934-E4578522BFEE"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_st250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DBF2350D-34B1-44DB-8E4A-6F29B37D96CF"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_st258:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "089F97B1-FEDE-4A5D-91D3-0517E8D39174"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72CC8224-6832-4C72-8414-58AA7228002E",
            "versionEndExcluding": "3.08_cdi340v"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "861FD9CF-A71F-4B9F-AD63-89BEFF9FB170"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_2000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46A03175-61F0-4077-B6E6-54967E012FE3"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61548AD5-85A8-45E2-8E42-3879190C32E6"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BAEAD534-FE95-4E16-91F1-9ABDB96E3B5E"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_hx_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E7A98501-D0CA-410E-86D3-A5E1420D1D3A"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_mx_sr650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C08EE1EA-C77F-4077-9B46-5ABEAC022979"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7AABC0D8-FCA9-46D0-A147-DF6D65154465"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_2000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2DBC750-1F52-4418-BA06-95A3C33B2757"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F86AB334-137C-4DC6-AFCD-6CBFBEA862DA"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_5000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0553591B-FAFC-4601-92C0-5212D86FB60B"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinkagile_vx_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26D5D977-101A-4D02-AAFC-05D1E8C81D6B"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4C6628A-8A99-4841-A7C5-0445A03C638D"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D10850BF-A7EA-4B84-B2EF-66DCCC301514"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A3DC615C-A88A-4C45-892F-77C5E84104E8"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A5B19107-5B45-4E45-8B34-90B5A1FF3962"
          },
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_st558:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30CFA6D5-7D07-4BFF-8AD2-DE591EDE0186"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5068D399-065C-4E84-A546-B19EE2E4DBD3",
            "versionEndExcluding": "1.71_psi328n"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinksystem_sr950_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0DF54D69-A781-45F8-852F-3A9D575ADB75"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References