CVE-2020-8356

Name of the Vulnerable Software and Affected Versions: LXCO versions prior to 1.2.2

Description: An internal product security audit discovered that optional passwords for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. The affected logs are captured in the First Failure Data Capture (FFDC) service log, which is only generated when requested by a privileged LXCO user and is only accessible to the privileged LXCO user that requested the file.

Recommendations: For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FFDC service log to minimize the risk of exploitation. Avoid using optional passwords for the Syslog and SMTP forwarders until the issue is resolved.