CVE-2018-9065 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-9065?

CVE-2018-9065 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-9065?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.

Vulnerability Description

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Xclarity Administrator	< 2.1.0

Related Weaknesses (CWE)

CWE-312

References

https://support.lenovo.com/us/en/solutions/LEN-22168Vendor Advisory
https://support.lenovo.com/us/en/solutions/LEN-22168Vendor Advisory

FAQ

What is CVE-2018-9065?

CVE-2018-9065 is a vulnerability with a CVSS score of 7.5 (HIGH). In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service pr...

How severe is CVE-2018-9065?

CVE-2018-9065 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9065?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Administrator.