cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-19756,https://securityvulnerability.io/vulnerability/CVE-2019-19756,Clear Text Exposure in Lenovo XClarity Administrator's Log Files,"An internal audit revealed that Lenovo XClarity Administrator version 2.6.0 improperly logs Windows OS credentials in clear text during driver updates. This flaw allows authorized users with access to the First Failure Data Capture (FFDC) service logs to potentially view sensitive information. The exposure occurs specifically in the logs related to the update process, posing a risk of unauthorized access to critical system credentials.",Lenovo,Xclarity Administrator (lxca),7.9,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-13T00:00:00.000Z,0
CVE-2019-19757,https://securityvulnerability.io/vulnerability/CVE-2019-19757,Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A cross-site scripting vulnerability was identified in Lenovo XClarity Administrator (LXCA) due to improper handling of document object model (DOM) elements. This issue affects versions prior to 2.6.6, allowing attackers to execute malicious JavaScript code in the web browser of a user who clicks a specially crafted link. The code's execution occurs on the user's local system rather than the LXCA server, emphasizing the need for users to remain vigilant about the links they visit.",Lenovo,Xclarity Administrator (lxca),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-6194,https://securityvulnerability.io/vulnerability/CVE-2019-6194,XML External Entity Vulnerability in Lenovo XClarity Administrator,"An XML External Entity (XXE) processing vulnerability has been identified in Lenovo XClarity Administrator, versions earlier than 2.6.6. This vulnerability could potentially allow an attacker to exploit XML parsing in order to gain unauthorized access to sensitive information, posing a significant security risk to affected systems.",Lenovo,Xclarity Administrator (lxca),5.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-6193,https://securityvulnerability.io/vulnerability/CVE-2019-6193,Information Disclosure Vulnerability in Lenovo XClarity Administrator,"An information disclosure vulnerability in Lenovo XClarity Administrator versions prior to 2.6.6 allows unauthenticated users to access sensitive configuration files. These files may expose critical information, including usernames, license keys, IP addresses, and encrypted password hashes, potentially compromising system security and user privacy.",Lenovo,Xclarity Administrator (lxca),7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-6180,https://securityvulnerability.io/vulnerability/CVE-2019-6180,Stored Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A stored cross-site scripting vulnerability exists in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, allowing an administrative user to inject malicious JavaScript code. This code is stored within LXCA and can be executed in the web browsers of other users accessing the application. It poses a risk as the scripted content could potentially compromise user actions and lead to unauthorized access.",Lenovo,Xclarity Administrator (lxca),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6179,https://securityvulnerability.io/vulnerability/CVE-2019-6179,XML External Entity Processing Vulnerability in Lenovo XClarity Products,"A vulnerability related to XML External Entity (XXE) processing was identified in Lenovo's XClarity Administrator and Integrator products. This vulnerability could allow attackers to exploit the way XML data is parsed, potentially leading to the disclosure of sensitive information. Affected products include Lenovo XClarity Administrator versions prior to 2.5.0, Lenovo XClarity Integrator for Microsoft System Center versions prior to 7.7.0, and Lenovo XClarity Integrator for VMware vCenter versions prior to 6.1.0. It is crucial for users to update their systems to mitigate the risk associated with this vulnerability.",Lenovo,"Xclarity Administrator (lxca),Xclarity Integrator (lxci) For Microsoft System Center,Xclarity Integrator (lxci) For Vmware Vcenter",5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6182,https://securityvulnerability.io/vulnerability/CVE-2019-6182,Stored CSV Injection in Lenovo XClarity Administrator,"A stored CSV Injection vulnerability exists in Lenovo XClarity Administrator which affects versions prior to 2.5.0. This issue allows administrative users to inject malformed data into LXCA Jobs and Event Log data. Consequently, this may lead to the creation of crafted formulas that are stored within exported CSV files. It is important to note that these crafted formulas do not execute on the LXCA platform itself, posing a risk mainly upon exporting the data.",Lenovo,Xclarity Administrator (lxca),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6181,https://securityvulnerability.io/vulnerability/CVE-2019-6181,Reflected Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A reflected cross-site scripting vulnerability exists in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0. This flaw may allow an attacker to craft a malicious URL that, when accessed by a user, can execute arbitrary JavaScript code within the user's web browser. It is important to note that the JavaScript code is not executed on the LXCA system itself but can compromise the user's session or data.",Lenovo,Xclarity Administrator (lxca),6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2017-3763,https://securityvulnerability.io/vulnerability/CVE-2017-3763,,An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.,Lenovo,Lenovo Xclarity Administrator (lxca),6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-09-22T14:29:00.000Z,0
CVE-2017-3770,https://securityvulnerability.io/vulnerability/CVE-2017-3770,,Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.,Lenovo,Lenovo Xclarity Administrator (lxca),8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2017-09-22T14:29:00.000Z,0
CVE-2016-8221,https://securityvulnerability.io/vulnerability/CVE-2016-8221,,"Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.",Lenovo,Xclarity Administrator (lxca),7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-01-12T22:00:00.000Z,0