CVE-2017-3745
CVE-2017-3745 is a vulnerability of currently unknown severity. In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | XClarity Administrator | <= 1.2.2 |
References
- https://support.lenovo.com/us/en/product_security/LEN-13671 (Patch, Vendor Advisory)
Source: NVD / NIST
