In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/solutions/LEN-22168 | Vendor Advisory |
Configurations
Information
Published : 2018-07-30 09:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-9065
Mitre link : CVE-2018-9065
JSON object : View
CWE
CWE-312
Cleartext Storage of Sensitive Information
Products Affected
lenovo
- xclarity_administrator