Lenovo XClarity Administrator 2.3 Remote Code Execution Vulnerability

Summary

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

Credit:

The information has been provided by Lenovo.
The original article can be found at: https://support.lenovo.com/solutions/LEN-26141


Details

Lenovo XClarity Administrator is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Lenovo XClarity Administrator 2.3
  • Lenovo XClarity Administrator 2.2
  • Lenovo XClarity Administrator 2.0

CVE Information:
CVE-2019-6158

Disclosure Timeline:
Publish Date: 05/03/2019