CVE-2018-9065
Last modified
CVE-2018-9065 is a vulnerability of currently unknown severity. In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Xclarity Administrator | < 2.1.0 |
References
- https://support.lenovo.com/us/en/solutions/LEN-22168Vendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-22168Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-9065?
How severe is CVE-2018-9065?
How do I fix CVE-2018-9065?
Are you affected by CVE-2018-9065?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST