CVE-2018-9065

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

Published : 2018-07-30 16:29 Updated : 2019-10-03 00:03

3.5
CVSS Score More info
Score 3.5 / 10
3.5
Vendor Product Version URI
Lenovo Xclarity Administrator 1.0.1 cpe:/a:lenovo:xclarity_administrator:1.0.1
Lenovo Xclarity Administrator 1.0.3 cpe:/a:lenovo:xclarity_administrator:1.0.3
Lenovo Xclarity Administrator 1.1.0 cpe:/a:lenovo:xclarity_administrator:1.1.0
Lenovo Xclarity Administrator 1.1.1 cpe:/a:lenovo:xclarity_administrator:1.1.1
Lenovo Xclarity Administrator 1.2.1 cpe:/a:lenovo:xclarity_administrator:1.2.1
Lenovo Xclarity Administrator 1.2.2 cpe:/a:lenovo:xclarity_administrator:1.2.2
Lenovo Xclarity Administrator 1.3.0 cpe:/a:lenovo:xclarity_administrator:1.3.0
Lenovo Xclarity Administrator 1.3.1 cpe:/a:lenovo:xclarity_administrator:1.3.1
Lenovo Xclarity Administrator 1.3.2 cpe:/a:lenovo:xclarity_administrator:1.3.2
Lenovo Xclarity Administrator 1.4.0 cpe:/a:lenovo:xclarity_administrator:1.4.0
Lenovo Xclarity Administrator 2.0.0 cpe:/a:lenovo:xclarity_administrator:2.0.0
  1. Lenovo (1) Search CVE
    1. Xclarity Administrator (11) Search CVE
      1. 1.0.1
      2. 1.0.3
      3. 1.1.0
      4. 1.1.1
      5. 1.2.1
      6. 1.2.2
      7. 1.3.0
      8. 1.3.1
      9. 1.3.2
      10. 1.4.0
      11. 2.0.0

CWE

ID Name Description Links
CWE-312 Cleartext Storage of Sensitive Information The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. CVE

History of changes

Date Event
2019-10-03 00:03
2018-10-03 16:35
2018-07-30 16:29

New CVE