In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

Published : 2017-06-20 00:29 Updated : 2017-06-30 17:10

CVSS Score More info
Score 2.1 / 10
Vendor Product Version URI
Lenovo Xclarity Administrator 1.2.2 cpe:/a:lenovo:xclarity_administrator:1.2.2
  1. Lenovo (1) Search CVE
    1. Xclarity Administrator (1) Search CVE
      1. 1.2.2


ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2017-06-30 18:29
2017-06-20 00:29