21 matches found
CVE-2021-3473
An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...
Default credentials
An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...
CVE-2021-3473
An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...
Lenovo XClarity Controller (XCC) Information Disclosure Vulnerability - Lenovo Support US
No description provided...
Lenovo XClarity Controller 安全漏洞
Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller that stems from. An internal product security audit of Lenovo XCC Lenovo...
CVE-2020-8356
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...
CVE-2021-3417
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...
CVE-2020-8356
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...
Design/Logic Flaw
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...
Design/Logic Flaw
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...
CVE-2021-3417
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...
CVE-2021-3417
Lenovo XClarity Orchestrator (LXCO) prior to 1.2.2 stores LXCA credentials in internal logs: when LXCA is added as a Resource Manager, credentials are encoded and written to the FFDC/service log, which is only accessible to the privileged LXCO user who requested the file. No exploitation details ...
CVE-2020-8356
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...
CVE-2020-8355
Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 exposes Windows OS credentials used for driver updates in the First Failure Data Capture (FFDC) service log if the log is generated during endpoint updates. The log is only created by a privileged LXCA user, access is limited to that use...
Design/Logic Flaw
An internal product security audit of Lenovo XClarity Administrator LXCA discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are...
CVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
Design/Logic Flaw
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture FFDC service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
CVE-2017-3744
CVE-2017-3744 affects Lenovo System x IMM2 firmware. Remote commands issued by LXCA/other utilities may be logged in the FFDC service log, potentially exposing clear-text login information to authorized users who can capture/export FFDC data. Impact is confined to Lenovo System x IMM2, with the v...