Skip to main content

Xclarity Administrator CVE-2016-8233

CRITICAL
Insertion of Sensitive Information into Log File (CWE-532)
2017-03-01 psirt@lenovo.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 01, 2017 - 22:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

AnalysisAI

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-532. Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Affected products include: Lenovo Xclarity Administrator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-3770 HIGH
8.8 Sep 22

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse

CVE-2018-9066 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstanc

CVE-2018-9064 HIGH
8.8 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call

CVE-2023-34418 HIGH
8.1 Jun 26

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to

CVE-2017-3745 HIGH
7.8 Jun 20

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user

CVE-2023-3113 HIGH
7.5 Jun 26

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) ser

CVE-2019-6179 HIGH
7.5 Sep 03

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to vers

CVE-2018-9065 HIGH
7.5 Jul 30

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file

CVE-2023-34420 HIGH
7.2 Jun 26

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted call

CVE-2016-8221 HIGH
7.0 Jan 12

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or cha

CVE-2017-3763 MEDIUM
6.7 Sep 22

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of

CVE-2024-45104 MEDIUM
6.5 Sep 13

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXC

Share

CVE-2016-8233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy