Lenovo Security Advisory: LEN-10810
Potential Impact: Sensitive information disclosure
Scope of Impact: Lenovo specific
CVE Identifier: CVE-2017-3743
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.
The Lenovo ToolsCenter is a collection of server management tools to help manage your server environment.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to version 10.2 or later for ASU, available here.
Update to version 10.3 or later for UXSPI, available here.
Update to version 10.3 or later of DSA, available here.