CVE-2020-8355

CWE-319Cleartext Transmission3 documents3 sources
Severity
4.9MEDIUM
EPSS
0.1%
top 70.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo Xclarity Administrator
Timeline
PublishedFeb 10
Latest updateMay 24

Description

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5lenovo/xclarity_administratorunspecified3.1.0

🔴Vulnerability Details

2
GHSA
GHSA-7mrx-fcmq-phm5: An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 32022-05-24
CVEList
CVE-2020-8355: An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 32021-02-10
CVE-2020-8355 (MEDIUM CVSS 4.9) | An internal product security audit | cvebase.io