Sign-up

ID

VAR-202102-0928


CVE

CVE-2020-8355


TITLE

Lenovo XClarity Administrator  Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-016066

DESCRIPTION

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted. Lenovo XClarity Administrator (LXCA) Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. There is a security vulnerability in Lenovo XClarity Administrator. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements

Trust: 1.71

sources: NVD: CVE-2020-8355 // JVNDB: JVNDB-2020-016066 // VULHUB: VHN-186480

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity administratorscope:ltversion:3.1.0

Trust: 1.0

vendor:lenovomodel:xclarity administratorscope:eqversion:3.1.0

Trust: 0.8

vendor:lenovomodel:xclarity administratorscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016066 // NVD: CVE-2020-8355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8355
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2020-8355
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-8355
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-851
value: MEDIUM

Trust: 0.6

VULHUB: VHN-186480
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8355
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-186480
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8355
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-016066
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186480 // JVNDB: JVNDB-2020-016066 // CNNVD: CNNVD-202102-851 // NVD: CVE-2020-8355 // NVD: CVE-2020-8355

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186480 // JVNDB: JVNDB-2020-016066 // NVD: CVE-2020-8355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-851

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202102-851

PATCH

title:LEN-50446url:https://support.lenovo.com/us/en/product_security/LEN-50446

Trust: 0.8

title:Lenovo Lenovo XClarity Administrator Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142222

Trust: 0.6

sources: JVNDB: JVNDB-2020-016066 // CNNVD: CNNVD-202102-851

EXTERNAL IDS

db:NVDid:CVE-2020-8355

Trust: 2.5

db:LENOVOid:LEN-50446

Trust: 1.7

db:JVNDBid:JVNDB-2020-016066

Trust: 0.8

db:CNNVDid:CNNVD-202102-851

Trust: 0.6

db:VULHUBid:VHN-186480

Trust: 0.1

sources: VULHUB: VHN-186480 // JVNDB: JVNDB-2020-016066 // CNNVD: CNNVD-202102-851 // NVD: CVE-2020-8355

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-50446

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8355

Trust: 1.4

sources: VULHUB: VHN-186480 // JVNDB: JVNDB-2020-016066 // CNNVD: CNNVD-202102-851 // NVD: CVE-2020-8355

SOURCES

db:VULHUBid:VHN-186480
db:JVNDBid:JVNDB-2020-016066
db:CNNVDid:CNNVD-202102-851
db:NVDid:CVE-2020-8355

LAST UPDATE DATE

2024-11-23T22:16:08.185000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186480date:2021-02-17T00:00:00
db:JVNDBid:JVNDB-2020-016066date:2021-11-04T07:17:00
db:CNNVDid:CNNVD-202102-851date:2021-02-22T00:00:00
db:NVDid:CVE-2020-8355date:2024-11-21T05:38:46.247

SOURCES RELEASE DATE

db:VULHUBid:VHN-186480date:2021-02-10T00:00:00
db:JVNDBid:JVNDB-2020-016066date:2021-11-04T00:00:00
db:CNNVDid:CNNVD-202102-851date:2021-02-09T00:00:00
db:NVDid:CVE-2020-8355date:2021-02-10T21:15:13.990