CVE-2018-9065

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 65.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Xclarity Administrator Lenovo Group Ltd. Lenovo Xclarity Administrator

Timeline

PublishedJul 30

Latest updateMay 13

Description

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDlenovo/xclarity_administrator< 2.1.0

▶CVEListV5lenovo_group_ltd./lenovo_xclarity_administratorEarlier than 2.1.0

🔴Vulnerability Details

GHSA

GHSA-qgf7-mppg-p3h3: In Lenovo xClarity Administrator versions earlier than 2↗2022-05-13

▶

CVEList

CVE-2018-9065: In Lenovo xClarity Administrator versions earlier than 2↗2018-07-30

▶