| |
Vulnerability CVE-2019-6195
Published: 2020-02-14
Description: |
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) ??LDAP Authentication Only with Local Authorization? mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when ??Local Authentication and Authorization? or ??LDAP Authentication and Authorization? modes are configured and used by XCC. |
References: |
https://support.lenovo.com/us/en/product_security/LEN-29116
|
|
|
Copyright 2024, cxsecurity.com
|
|
|