CVE-2019-6179
HIGHLenovo XClarity Administrator < 2.5.0 and XClarity Integrator < 6.1.0/< 7.7.0 - XML External Entity Injection
Title source: llmDescription
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-27805
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (3)
lenovo/xclarity_administrator
< 2.5.0
lenovo/xclarity_integrator
< 6.1.0
lenovo/xclarity_integrator
< 7.7.0
Published
Sep 03, 2019
Tracked Since
Feb 18, 2026