CVE-2020-8355
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.
Una auditoría de seguridad de producto interno de Lenovo XClarity Administrator (LXCA) versiones anteriores a 3.1.0, detectó que las credenciales del Sistema Operativo Windows proporcionadas por el usuario de LXCA para llevar a cabo actualizaciones de controladores de sistemas administrados pueden capturarse en el registro de servicio First Failure Data Capture (FFDC) si el registro de servicio es generado mientras se actualizan los endpoints administrados. El registro de servicio solo es generado cuando lo pide un usuario LXCA privilegiado y solo es accesible para el usuario LXCA privilegiado que pidió el archivo y luego es eliminado
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-28 CVE Reserved
- 2021-02-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://support.lenovo.com/us/en/product_security/LEN-50446 | 2021-02-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Lenovo Search vendor "Lenovo" | Xclarity Administrator Search vendor "Lenovo" for product "Xclarity Administrator" | < 3.1.0 Search vendor "Lenovo" for product "Xclarity Administrator" and version " < 3.1.0" | - |
Affected
|