CVE-2020-8356 — MEDIUM (4.9)

Q: How severe is CVE-2020-8356?

CVE-2020-8356 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8356?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Orchestrator.

Vulnerability Description

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Xclarity Orchestrator	< 1.2.2

Related Weaknesses (CWE)

CWE-319

References

https://support.lenovo.com/us/en/product_security/LEN-49884Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-49884Vendor Advisory

FAQ

What is CVE-2020-8356?

CVE-2020-8356 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cle...

How severe is CVE-2020-8356?

CVE-2020-8356 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8356?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Xclarity Orchestrator.