CVE-2020-8356
Last modified
CVE-2020-8356 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. EPSS estimates a 0.54% chance of exploitation in the next 30 days.
Description
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Xclarity Orchestrator | < 1.2.2 |
References
- https://support.lenovo.com/us/en/product_security/LEN-49884Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-49884Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-8356?
How severe is CVE-2020-8356?
How do I fix CVE-2020-8356?
Are you affected by CVE-2020-8356?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST