Skip to content

Commit

Permalink
Auto-merge PR#2588
Browse files Browse the repository at this point in the history 
Auto-merge PR#2588
  • Loading branch information
@cve-team
cve-team authored Sep 26, 2019
2 parents 7fa55f4 + daa2e4e commit c7b3dd8
Show file tree
Hide file tree
Showing 2 changed files with 126 additions and 6 deletions.
62 changes: 59 additions & 3 deletions 2019/6xxx/CVE-2019-6161.json
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-6161",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkAgile CP-SB ",
"version": {
"version_data": [
{
"affected": "<",
"version_affected": "<",
"version_value": "1908.M"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
Expand All @@ -11,8 +37,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-26957"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the firmware version 1908.M (or newer)."
}
],
"source": {
"advisory": "LEN-26957",
"discovery": "INTERNAL"
}
}
70 changes: 67 additions & 3 deletions 2019/6xxx/CVE-2019-6175.json
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2019-6175",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "System Update Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.07.0088"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-28093"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
}
],
"source": {
"advisory": "LEN-28093",
"discovery": "EXTERNAL"
}
}

0 comments on commit c7b3dd8

Please sign in to comment.