Xclarity Administrator
CVE-2016-8221
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
AnalysisAI
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).
Technical ContextAI
This vulnerability is classified under CWE-264. Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Affected products include: Lenovo Xclarity Administrator.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Xclarity Administrator
View allLog files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstanc
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) ser
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to vers
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted call
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXC
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today