CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9065
https://notcve.org/view.php?id=CVE-2018-9065
30 Jul 2018 — In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. En Lenovo xClarity Administrator en versiones anteriores a la 2.1.0, un atacante que obtiene acceso al usuario del sistema de archivos de LXCA podría ser ca... • https://support.lenovo.com/us/en/solutions/LEN-22168 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9066
https://notcve.org/view.php?id=CVE-2018-9066
30 Jul 2018 — In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. En Lenovo xClarity Administrator en versiones anteriores a la 2.1.0, un usuario LXCA autenticado puede, en determinadas circunstancias, inyectar parámetros adicionales en una llamada de la API web determinada. Esto podría resultar en la e... • https://support.lenovo.com/us/en/solutions/LEN-22168 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 67EXPL: 0CVE-2017-17833 – openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
https://notcve.org/view.php?id=CVE-2017-17833
23 Apr 2018 — OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. Las versiones de OpenSLP en las secuencias de código 1.0.2 y 1.1.0 tienen un problema de corrupción de memoria relacionada con la memoria dinámica (heap), que puede manifestarse como una vulnerabilidad de denegación de servicio (DoS) o de ejecución remota de código. A use-after-free flaw in OpenSLP 1.x and 2.x baselines wa... • http://support.lenovo.com/us/en/solutions/LEN-18247 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3764
https://notcve.org/view.php?id=CVE-2017-3764
30 Nov 2017 — A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. Se ha identificado una vulnerabilidad en Lenovo XClarity Administrator (LXCA) en versiones anteriores a la 1.4.0 en la que los nombres de cuentas de usuario LXCA podrían verse expuestos a usuarios no autenticados que tengan acceso a la interfaz de usuario w... • https://support.lenovo.com/us/en/product_security/LEN-16335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3763
https://notcve.org/view.php?id=CVE-2017-3763
22 Sep 2017 — An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. Un atacante que obtenga acceso a la localización en el que se almacena el sistema de archivos de LXCA podría acceder a las credenciales de las cuentas locales de LXCA en las versiones anteriores a 1.3.2 de LXCA. • https://support.lenovo.com/us/en/product_security/LEN-16333 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3770
https://notcve.org/view.php?id=CVE-2017-3770
22 Sep 2017 — Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. Una vulnerabilidad de escalado de privilegios en versiones anteriores a la 1.3.2 de LXCA en donde un usuario autenticado podría explotar ciertas funcionalidades de la interfaz web para ejecutar comandos con privilegios en el sistema operativo LXCA subyacente. • https://support.lenovo.com/us/en/product_security/LEN-16333 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3745
https://notcve.org/view.php?id=CVE-2017-3745
20 Jun 2017 — In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. En Lenovo XClarity Administrator (LXC... • https://support.lenovo.com/us/en/product_security/LEN-13671 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8233
https://notcve.org/view.php?id=CVE-2016-8233
01 Mar 2017 — Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Archivos de registro generados por Lenovo XClarity Administrator (LXCA) versiones anteriores a 1.2.2 podría contener credenciales de un usuario en un formulario de texto no seguro y claro que podría ser visto por un usuario no privilegiado. • http://www.securityfocus.com/bid/95992 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8221
https://notcve.org/view.php?id=CVE-2016-8221
12 Jan 2017 — Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Escalamiento de privilegios en Lenovo XClarity Administrator en versiones anteriores a 1.2.0, si LXCA se utiliza para gestionar switches de rack o chasis con módulos ... • http://www.securityfocus.com/bid/95417 • CWE-264: Permissions, Privileges, and Access Controls •