VYPR

Xclarity Administrator

by Lenovo

CVEs (28)

  • CVE-2019-6194Feb 14, 2020
    risk 0.00cvss epss 0.01

    An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.

  • CVE-2019-6193Feb 14, 2020
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

  • CVE-2019-19757Feb 14, 2020
    risk 0.00cvss epss 0.01

    An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially…

  • CVE-2019-6182Sep 3, 2019
    risk 0.00cvss epss 0.01

    A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV…

  • CVE-2019-6181Sep 3, 2019
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on…

  • CVE-2019-6180Sep 3, 2019
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The…

  • CVE-2019-6179Sep 3, 2019
    risk 0.00cvss epss 0.01

    An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter…

  • CVE-2019-6158May 3, 2019
    risk 0.00cvss epss 0.01

    An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

Page 2 of 2