All the vulnerabilites related to Lenovo Group Ltd. - Lenovo XClarity Administrator (LXCA)
cve-2017-3763
Vulnerability from cvelistv5
Published
2017-09-22 14:00
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-16333 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Lenovo XClarity Administrator (LXCA) |
Version: Earlier than 1.3.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo XClarity Administrator (LXCA)",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 1.3.2"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credential disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2017-09-21T00:00:00",
"ID": "CVE-2017-3763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"version_value": "Earlier than 1.3.2"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credential disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-16333",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3763",
"datePublished": "2017-09-22T14:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T22:50:49.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3770
Vulnerability from cvelistv5
Published
2017-09-22 14:00
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-16333 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo Group Ltd. | Lenovo XClarity Administrator (LXCA) |
Version: Earlier than 1.3.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:39.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo XClarity Administrator (LXCA)",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 1.3.2"
}
]
}
],
"datePublic": "2017-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T13:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2017-09-21T00:00:00",
"ID": "CVE-2017-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo XClarity Administrator (LXCA)",
"version": {
"version_data": [
{
"version_value": "Earlier than 1.3.2"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-16333",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-16333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3770",
"datePublished": "2017-09-22T14:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-17T00:02:06.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}