1. Home
  2. CVE Database
  3. CVE-2017-3745
HIGH · 7.8

CVE-2017-3745

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenti...

Vulnerability Description

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoXclarity Administrator<= 1.2.2

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2017-3745?

CVE-2017-3745 is a vulnerability with a CVSS score of 7.8 (HIGH). In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenti...

How severe is CVE-2017-3745?

CVE-2017-3745 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3745?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.