CVE-2019-6193

HIGH

Lenovo XClarity Administrator < 2.6.6 - Unauthenticated Information Disclosure via Configuration Files

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0103
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-284
Status published
Products (1)
lenovo/xclarity_administrator < 2.6.6
Published Feb 14, 2020
Tracked Since Feb 18, 2026