
CVE-2019-6195

 

Severity Score: 4.8 (CVSS v3.1)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.


*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: High
Authentication: Single
Confidentiality: Partial
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-01-11 CVE Reserved
  • 2020-02-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-269: Improper Privilege Management
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | In (Vendor Product) | Other | Status |
|---|---|---|---|---|---|---|---|
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Hx 1000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Hx 2000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Hx 3000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Hx 5000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Hx 7000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Vx 1000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Vx 2000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Vx 3000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Vx 5000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinkagile Vx 7000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sd530 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sd650 Dwc | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sn550 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sn850 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr150 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr158 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr250 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr258 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr850 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem Sr860 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem St250 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.01_tei392o | - | Affected | Lenovo Thinksystem St258 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Hx 1000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Hx 2000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Hx 3000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Hx 5000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Hx 7000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Mx Sr650 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Vx 1000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Vx 2000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Vx 3000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Vx 5000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinkagile Vx 7000 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr530 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr550 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr570 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr590 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr630 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem Sr650 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem St550 | -- | Safe |
| Lenovo | Xclarity Controller | < 3.08_cdi340v | - | Affected | Lenovo Thinksystem St558 | -- | Safe |
| Lenovo | Xclarity Controller | < 1.71_psi328n | - | Affected | Lenovo Thinksystem Sr950 Server | -- | Safe |