Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Lenovo XClarity Orchestrator 安全漏洞
Vulnerability Description
Lenovo XClarity Orchestrator是中国联想(Lenovo)公司的一个应用软件。为包含大量设备的环境提供集中监控、管理和分析。 LXCO prior to version 1.2.2 存在安全漏洞,该漏洞源于如果将XClarity Administrator (LXCA)的凭证添加为资源管理器,那么在每次使用LXCA建立会话时,将其编码并写入内部LXCO日志文件。
CVSS Information
N/A
Vulnerability Type
N/A