PT-2019-4348 · Microsoft+2 · System Center+4
Published
2019-09-03
·
Updated
2022-10-14
·
CVE-2019-6179
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Lenovo XClarity Administrator versions prior to 2.5.0
Lenovo XClarity Integrator (LXCI) for Microsoft System Center versions prior to 7.7.0
Lenovo XClarity Integrator (LXCI) for VMWare vCenter versions prior to 6.1.0
Description
A vulnerability related to XML External Entity (XXE) processing was reported, which could allow information disclosure. The issue is associated with incorrect restriction of XML links to external objects, potentially enabling a remote attacker to disclose protected information.
Recommendations
For Lenovo XClarity Administrator versions prior to 2.5.0, update to version 2.5.0 or later.
For Lenovo XClarity Integrator (LXCI) for Microsoft System Center versions prior to 7.7.0, update to version 7.7.0 or later.
For Lenovo XClarity Integrator (LXCI) for VMWare vCenter versions prior to 6.1.0, update to version 6.1.0 or later.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lenovo Xclarity Administrator
Lenovo Xclarity Integrator (Lxci) For Microsoft System Center
Lenovo Xclarity Integrator (Lxci) For Vmware Vcenter
System Center
Vmware Vcenter