CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9065
https://notcve.org/view.php?id=CVE-2018-9065
30 Jul 2018 — In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. En Lenovo xClarity Administrator en versiones anteriores a la 2.1.0, un atacante que obtiene acceso al usuario del sistema de archivos de LXCA podría ser ca... • https://support.lenovo.com/us/en/solutions/LEN-22168 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9066
https://notcve.org/view.php?id=CVE-2018-9066
30 Jul 2018 — In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. En Lenovo xClarity Administrator en versiones anteriores a la 2.1.0, un usuario LXCA autenticado puede, en determinadas circunstancias, inyectar parámetros adicionales en una llamada de la API web determinada. Esto podría resultar en la e... • https://support.lenovo.com/us/en/solutions/LEN-22168 • CWE-20: Improper Input Validation •