CVE-2021-3417

Severity CVSS v4.0:
Pending analysis
Type:
CWE-319 Cleartext Transmission of Sensitive Information
Publication date:
09/03/2021
Last modified:
15/03/2021

Description

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lenovo:xclarity_orchestrator:*:*:*:*:*:*:*:* 1.2.2 (excluding)


References to Advisories, Solutions, and Tools