CVE-2019-6194 — XML External Entity (XXE) Injection in Lenovo Xclarity Administrator

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.7

EPSS

0.3%

top 51.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Xclarity Administrator

Timeline

PublishedFeb 14

Latest updateMay 24

Description

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5lenovo/xclarity_administratorunspecified — 2.6.6

▶NVDlenovo/xclarity_administrator< 2.6.6

🔴Vulnerability Details

GHSA

GHSA-ccgr-hfcp-wj34: An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2↗2022-05-24

▶

CVEList

CVE-2019-6194: An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2↗2020-02-14

▶