CVE-2017-3745

Name of the Vulnerable Software and Affected Versions Lenovo XClarity Administrator versions prior to 1.3.0

Description The issue allows non-administrative users to access password information for previously authenticated users, including administrative and service accounts with administrative privileges, when service data is downloaded. This issue only affects users who have used local authentication with LXCA.

Recommendations For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the service data download feature to minimize the risk of exploitation.