Lenovo Security Advisory: LEN-13671
Potential Impact: Disclosure of credentials to a non-administrative user
Severity: High
**Scope of Impact:** Lenovo Specific
**CVE Identifier:** CVE-2017-3745
Summary Description:
During an internal assessment, a vulnerability was identified in Lenovo XClarity Administrator (LXCA) version 1.2.2. If service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
Lenovo XClarity Administrator is a centralized, resource-management solution for Lenovo server systems and solutions.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your system to LXCA version 1.3.0 or later by clicking here.
Revision History:
Revision | Date | Description
---|---|---
1 | 6/8/2017 | Initial Release
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an "as is" basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.