ID

VAR-202304-2198


CVE

CVE-2023-25495


TITLE

Insufficient Protection of Credentials Vulnerability in Multiple Lenovo Products

Trust: 0.8

sources: JVNDB: JVNDB-2023-009621

DESCRIPTION

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured. Multiple Lenovo products, including ThinkAgile HX5530 firmware, ThinkAgile HX7530 firmware, and ThinkAgile VX3331 firmware, contain an insufficient credential protection vulnerability. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2023-25495 // JVNDB: JVNDB-2023-009621 // VULMON: CVE-2023-25495

AFFECTED PRODUCTS

vendor:lenovomodel:thinksystem sr650 v2scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem st258 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr258scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr650scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx1320scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx2320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sd630 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile hx2320-escope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr158scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx 1sescope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx2720-escope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr550scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx7531scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3530 fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd530scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st250scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx1320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx5521-cscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx3720scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3531 hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr950scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx2330scope:eqversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3375scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinksystem sr670scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr250scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx7531scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem st250 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile hx7530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7521scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkstation p920scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem st258scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx3320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx3331scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3720scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr530scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx1521-rscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx3330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sn850scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx2331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx enclosurescope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem se350scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx5531scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr630scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr645scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx2321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr645 v3scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile mx1020scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr850pscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr250 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3520-gscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx7320 nscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx3521-gscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx7820scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinksystem sr850scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1021scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st550scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx5520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr570scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sd650scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1520-rscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sn550 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3530-gscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sn550scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx7820scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3520-gscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile mx3331-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr860scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st650 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr670 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx7520 nscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx5521scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr150scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx7821scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3531-fscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx 2u4nscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr665scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7531scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3721scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx5530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx7330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx7530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr258 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5520-cscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr630 v2scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx 4uscope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3330-fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd650 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx2330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3376scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx7520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx2330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3330-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr590scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile mx3331-fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd650-n v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem st658 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr860 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkedge se450scope:ltversion:1.60_usx324o

Trust: 1.0

vendor:lenovomodel:thinkagile hx3330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3530-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx1021 on se350scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr850 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr665 v3scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7530scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2320-escope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2330scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx enclosurescope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1521-rscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2720-escope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3330scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile vx3331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3320scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1021scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1520-rscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1320scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx5530scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009621 // NVD: CVE-2023-25495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-25495
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2023-25495
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-25495
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202304-2297
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-25495
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-25495
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009621 // CNNVD: CNNVD-202304-2297 // NVD: CVE-2023-25495 // NVD: CVE-2023-25495

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009621 // NVD: CVE-2023-25495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2297

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-2297

PATCH

title:Lenovo XClarity Controller Security vulnerabilities url:http://123.124.177.30/web/xxk/bdxqById.tag?id=235823

Trust: 0.6

sources: CNNVD: CNNVD-202304-2297

EXTERNAL IDS

db:NVDid:CVE-2023-25495

Trust: 3.3

db:LENOVOid:LEN-99936

Trust: 2.5

db:JVNDBid:JVNDB-2023-009621

Trust: 0.8

db:CNNVDid:CNNVD-202304-2297

Trust: 0.6

db:VULMONid:CVE-2023-25495

Trust: 0.1

sources: VULMON: CVE-2023-25495 // JVNDB: JVNDB-2023-009621 // CNNVD: CNNVD-202304-2297 // NVD: CVE-2023-25495

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-99936

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-25495

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-25495/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-25495 // JVNDB: JVNDB-2023-009621 // CNNVD: CNNVD-202304-2297 // NVD: CVE-2023-25495

SOURCES

db:VULMONid:CVE-2023-25495
db:JVNDBid:JVNDB-2023-009621
db:CNNVDid:CNNVD-202304-2297
db:NVDid:CVE-2023-25495

LAST UPDATE DATE

2024-08-14T13:20:46.997000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-25495date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009621date:2023-12-06T04:42:00
db:CNNVDid:CNNVD-202304-2297date:2023-05-10T00:00:00
db:NVDid:CVE-2023-25495date:2023-05-09T20:36:34.067

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-25495date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009621date:2023-12-06T00:00:00
db:CNNVDid:CNNVD-202304-2297date:2023-04-28T00:00:00
db:NVDid:CVE-2023-25495date:2023-04-28T22:15:08.950