Unrated severityNVD Advisory· Published Sep 26, 2019· Updated Sep 17, 2024

CVE-2019-6161

Description

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.

Affected products

Lenovo/ThinkAgile CP-SB BMCllm-create2 versions
<1908.M+ 1 more
- (no CPE)range: <1908.M
- (no CPE)range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.lenovo.com/solutions/LEN-26957mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000