Lenovo XClarity Administrator における重要な情報の平文での送信に関する脆弱性
| Title |
Lenovo XClarity Administrator における重要な情報の平文での送信に関する脆弱性
|
| Summary |
Lenovo XClarity Administrator (LXCA) には、重要な情報の平文での送信に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Jan. 28, 2020, midnight |
| Registration Date |
Nov. 4, 2021, 4:17 p.m. |
| Last Update |
Nov. 4, 2021, 4:17 p.m. |
|
CVSS3.0 : 警告
|
| Score |
4.9
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
4
|
| Vector |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
Affected System
| Lenovo |
|
Lenovo XClarity Administrator 3.1.0 未満
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2021年11月04日]
掲載 |
Nov. 4, 2021, 4:17 p.m. |
NVD Vulnerability Information
CVE-2020-8355
| Summary |
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.
|
| Publication Date |
Feb. 11, 2021, 6:15 a.m. |
| Registration Date |
Feb. 11, 2021, 10:01 a.m. |
| Last Update |
Nov. 21, 2024, 2:38 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:* |
|
|
|
3.1.0 |
Related information, measures and tools
Common Vulnerabilities List