PT-2021-12730 · Lenovo · Lenovo XClarity Administrator

Published: 2021-02-10 · Updated: 2021-02-17 · CVE-2020-8355

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator versions prior to 3.1.0
Description: An issue was discovered where Windows OS credentials provided for driver updates may be captured in the First Failure Data Capture (FFDC) service log if it is generated during endpoint updates. The service log is only accessible to the privileged user who requested it and is then deleted.
Recommendations: For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the FFDC service log to minimize the risk of credential exposure.

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2020-8355

Affected Products: Lenovo XClarity Administrator