Details of VAR-201703-0202

ID

VAR-201703-0202

CVE

CVE-2016-8233

TITLE

Lenovo XClarity Administrator Vulnerabilities in which user credentials are viewed in log files generated by

Trust: 0.8

sources: JVNDB: JVNDB-2016-007813

DESCRIPTION

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Lenovo XClarity Administrator is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. An information disclosure vulnerability exists in versions prior to Lenovo LXCA 1.2.2

Trust: 1.98

sources: NVD: CVE-2016-8233 // JVNDB: JVNDB-2016-007813 // BID: 95992 // VULHUB: VHN-97053

AFFECTED PRODUCTS

vendor:	lenovo	model:	xclarity administrator	scope:	lte	version:	1.2.1	Trust: 1.0
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.2.1	Trust: 0.9
vendor:	lenovo	model:	xclarity administrator	scope:	lt	version:	1.2.2	Trust: 0.8
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.1	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	eq	version:	1.2.0	Trust: 0.3
vendor:	lenovo	model:	xclarity administrator	scope:	ne	version:	1.2.2	Trust: 0.3

sources: BID: 95992 // JVNDB: JVNDB-2016-007813 // CNNVD: CNNVD-201702-211 // NVD: CVE-2016-8233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8233
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-8233
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201702-211
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97053
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8233
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97053
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8233
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97053 // JVNDB: JVNDB-2016-007813 // CNNVD: CNNVD-201702-211 // NVD: CVE-2016-8233

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-97053 // JVNDB: JVNDB-2016-007813 // NVD: CVE-2016-8233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-211

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007813

PATCH

title:	LEN-11635	url:	https://support.lenovo.com/jp/ja/product_security/len-11635	Trust: 0.8
title:	Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67515	Trust: 0.6

sources: JVNDB: JVNDB-2016-007813 // CNNVD: CNNVD-201702-211

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8233	Trust: 2.8
db:	LENOVO	id:	LEN-11635	Trust: 2.0
db:	BID	id:	95992	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007813	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-211	Trust: 0.7
db:	VULHUB	id:	VHN-97053	Trust: 0.1

sources: VULHUB: VHN-97053 // BID: 95992 // JVNDB: JVNDB-2016-007813 // CNNVD: CNNVD-201702-211 // NVD: CVE-2016-8233

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-11635	Trust: 2.0
url:	http://www.securityfocus.com/bid/95992	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8233	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8233	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-97053 // BID: 95992 // JVNDB: JVNDB-2016-007813 // CNNVD: CNNVD-201702-211 // NVD: CVE-2016-8233

CREDITS

Lenovo

Trust: 0.9

sources: BID: 95992 // CNNVD: CNNVD-201702-211

SOURCES

db:	VULHUB	id:	VHN-97053
db:	BID	id:	95992
db:	JVNDB	id:	JVNDB-2016-007813
db:	CNNVD	id:	CNNVD-201702-211
db:	NVD	id:	CVE-2016-8233

LAST UPDATE DATE

2024-11-23T21:54:16.180000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97053	date:	2017-03-03T00:00:00
db:	BID	id:	95992	date:	2017-03-07T04:01:00
db:	JVNDB	id:	JVNDB-2016-007813	date:	2017-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201702-211	date:	2017-02-09T00:00:00
db:	NVD	id:	CVE-2016-8233	date:	2024-11-21T02:59:02.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97053	date:	2017-03-01T00:00:00
db:	BID	id:	95992	date:	2017-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2016-007813	date:	2017-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201702-211	date:	2017-02-09T00:00:00
db:	NVD	id:	CVE-2016-8233	date:	2017-03-01T22:59:00.170