Sign-up

ID

VAR-201711-0397


CVE

CVE-2017-3764


TITLE

Lenovo XClarity Administrator Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-011078

DESCRIPTION

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. Lenovo XClarity Administrator (LXCA) Contains an information disclosure vulnerability.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.4.0

Trust: 1.71

sources: NVD: CVE-2017-3764 // JVNDB: JVNDB-2017-011078 // VULHUB: VHN-111967

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity administratorscope:ltversion:1.4.0

Trust: 1.8

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.0.3

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.1

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.0

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.2.2

Trust: 0.6

vendor:lenovomodel:xclarity administratorscope:eqversion:1.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-011078 // CNNVD: CNNVD-201711-1197 // NVD: CVE-2017-3764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3764
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3764
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1197
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111967
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3764
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111967
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3764
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111967 // JVNDB: JVNDB-2017-011078 // CNNVD: CNNVD-201711-1197 // NVD: CVE-2017-3764

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-111967 // JVNDB: JVNDB-2017-011078 // NVD: CVE-2017-3764

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1197

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-1197

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011078

PATCH
title:LEN-16335url:https://support.lenovo.com/jp/ja/product_security/len-16335
Trust: 0.8
title:Lenovo XClarity Administrator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76816
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-011078 // 
            
            
            
            CNNVD: CNNVD-201711-1197

EXTERNAL IDS
db:NVDid:CVE-2017-3764
Trust: 2.5
db:LENOVOid:LEN-16335
Trust: 1.7
db:JVNDBid:JVNDB-2017-011078
Trust: 0.8
db:CNNVDid:CNNVD-201711-1197
Trust: 0.7
db:VULHUBid:VHN-111967
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111967 // 
            
            
            
            JVNDB: JVNDB-2017-011078 // 
            
            
            
            CNNVD: CNNVD-201711-1197 // 
            
            
            
            NVD: CVE-2017-3764

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-16335
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3764
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3764
Trust: 0.8
sources:
            
            
            VULHUB: VHN-111967 // 
            
            
            
            JVNDB: JVNDB-2017-011078 // 
            
            
            
            CNNVD: CNNVD-201711-1197 // 
            
            
            
            NVD: CVE-2017-3764

SOURCES
db:VULHUBid:VHN-111967
db:JVNDBid:JVNDB-2017-011078
db:CNNVDid:CNNVD-201711-1197
db:NVDid:CVE-2017-3764

LAST UPDATE DATE
2024-11-23T22:45:34.010000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111967date:2017-12-20T00:00:00
db:JVNDBid:JVNDB-2017-011078date:2018-01-05T00:00:00
db:CNNVDid:CNNVD-201711-1197date:2017-12-19T00:00:00
db:NVDid:CVE-2017-3764date:2024-11-21T03:26:05.737

SOURCES RELEASE DATE
db:VULHUBid:VHN-111967date:2017-11-30T00:00:00
db:JVNDBid:JVNDB-2017-011078date:2018-01-05T00:00:00
db:CNNVDid:CNNVD-201711-1197date:2017-12-01T00:00:00
db:NVDid:CVE-2017-3764date:2017-11-30T19:29:00.193