{ "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-02-14T17:00:00.000Z", "ID": "CVE-2019-6193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "XClarity Administrator (LXCA)", "version": { "version_data": [ { "version_affected": "<", "version_value": "2.6.6" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-29477", "name": "https://support.lenovo.com/us/en/product_security/LEN-29477" } ] }, "solution": [ { "lang": "eng", "value": "Update your LXCA installation to version 2.6.6 or later. Installation note: You will need to update to LXCA 2.6.0 before installing the latest fix bundle (v 2.6.6)." } ], "source": { "advisory": "LEN-29477", "discovery": "UNKNOWN" } }