CVE-2019-6158 HIGH

CVE-2019-6158

Vendor Lenovo
Product Lenovo XClarity Administrator
Published May 3, 2019
Last update September 16, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

Key dates

02Disclosure timeline

May 3, 2019 CVE published
September 16, 2024 Record updated