How severe is the CVE-2019-6179 vulnerability?

The severity of the CVE-2019-6179 vulnerability is rated as high with a CVSS score of 7.5.

How can I fix the CVE-2019-6179 vulnerability?

Update Lenovo XClarity Administrator to version 2.5.0, Lenovo XClarity Integrator for Microsoft System Center to version 7.7.0, and Lenovo XClarity Integrator for VMWare vCenter to version 6.1.0 to fix the CVE-2019-6179 vulnerability.

Where can I find more information about CVE-2019-6179?

You can find more information about CVE-2019-6179 on the Lenovo support website at https://support.lenovo.com/solutions/LEN-27805.

Vulnerability/
CVE-2019-6179

high

7.5

CWE

611

3/9/2019

16/9/2024

CVE-2019-6179: XEE

Q: What is CVE-2019-6179?

CVE-2019-6179 is an XML External Entity (XXE) processing vulnerability reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0.

Q: Which software versions are affected by CVE-2019-6179?

Lenovo XClarity Administrator prior to version 2.5.0, Lenovo XClarity Integrator for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator for VMWare vCenter prior to version 6.1.0 are affected by CVE-2019-6179.

First published: Tue Sep 03 2019(Updated: )

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo XClarity Administrator	<2.5.0
Lenovo Xclarity Integrator	<6.1.0
Lenovo Xclarity Integrator	<7.7.0

Remedy

Update your LXCA installation to version 2.5.0 or later. Update LXCI for Microsoft System Center to version 7.7.0 or later. Update LXCI for VMware vCenter to version 6.1.0 or later.

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/solutions/LEN-27805

Frequently Asked Questions

What is CVE-2019-6179?
CVE-2019-6179 is an XML External Entity (XXE) processing vulnerability reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0.
How severe is the CVE-2019-6179 vulnerability?
The severity of the CVE-2019-6179 vulnerability is rated as high with a CVSS score of 7.5.
Which software versions are affected by CVE-2019-6179?
Lenovo XClarity Administrator prior to version 2.5.0, Lenovo XClarity Integrator for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator for VMWare vCenter prior to version 6.1.0 are affected by CVE-2019-6179.
How can I fix the CVE-2019-6179 vulnerability?
Update Lenovo XClarity Administrator to version 2.5.0, Lenovo XClarity Integrator for Microsoft System Center to version 7.7.0, and Lenovo XClarity Integrator for VMWare vCenter to version 6.1.0 to fix the CVE-2019-6179 vulnerability.
Where can I find more information about CVE-2019-6179?
You can find more information about CVE-2019-6179 on the Lenovo support website at https://support.lenovo.com/solutions/LEN-27805.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/remedy
agent/description
agent/tags
agent/event
agent/first-publish-date
vendor/lenovo
canonical/lenovo xclarity administrator
canonical/lenovo xclarity integrator

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.