Vulnerability Description
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Xclarity Administrator | <= 1.1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95417Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/product_security/LEN_10605PatchVendor Advisory
- http://www.securityfocus.com/bid/95417Third Party AdvisoryVDB Entry
- https://support.lenovo.com/us/en/product_security/LEN_10605PatchVendor Advisory
FAQ
What is CVE-2016-8221?
CVE-2016-8221 is a vulnerability with a CVSS score of 7.0 (HIGH). Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by au...
How severe is CVE-2016-8221?
CVE-2016-8221 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8221?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.