Skip to main content

Xclarity Administrator CVE-2016-8221

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2017-01-12 psirt@lenovo.com
7.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 12, 2017 - 22:59 cve.org
HIGH 7.0

DescriptionCVE.org

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.

AnalysisAI

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).

Technical ContextAI

This vulnerability is classified under CWE-264. Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Affected products include: Lenovo Xclarity Administrator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-8233 CRITICAL
9.8 Mar 01

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in

CVE-2017-3770 HIGH
8.8 Sep 22

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse

CVE-2018-9066 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstanc

CVE-2018-9064 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call

CVE-2023-34418 HIGH
8.1 Jun 26

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to

CVE-2017-3745 HIGH
7.8 Jun 20

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user

CVE-2023-3113 HIGH
7.5 Jun 26

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) ser

CVE-2019-6179 HIGH
7.5 Sep 03

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to vers

CVE-2018-9065 HIGH
7.5 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file

CVE-2023-34420 HIGH
7.2 Jun 26

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted call

CVE-2017-3763 MEDIUM
6.7 Sep 22

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of

CVE-2024-45104 MEDIUM
6.5 Sep 13

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXC

Share

CVE-2016-8221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy