PT-2020-10230 · Lenovo · Lenovo XClarity Administrator

Published: 2020-03-13 · Updated: 2021-11-02 · CVE-2019-19756

CVSS v3.1: 7.9 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Lenovo XClarity Administrator version 2.6.0

Description

An internal product security audit discovered that Windows OS credentials used for driver updates of managed systems are being written to a log file in clear text. This issue affects the log files accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA, specifically when performing a Windows driver update.

Recommendations

For Lenovo XClarity Administrator version 2.6.0, consider restricting access to the log files in the First Failure Data Capture (FFDC) service log and log files on LXCA to minimize the risk of credential exposure until a patch is available.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2019-19756

Affected Products

Lenovo XClarity Administrator
Windows