CVE-2023-25495 — MEDIUM (4.9)

Q: How severe is CVE-2023-25495?

CVE-2023-25495 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-25495?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Hx5530 Firmware, Lenovo Thinkagile Hx5530, Lenovo Thinkagile Hx7530 Firmware, Lenovo Thinkagile Hx7530, Lenovo Thinkagile Vx3331 Firmware.

Vulnerability Description

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Thinkagile Hx5530 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx5530	-
Lenovo	Thinkagile Hx7530 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx7530	-
Lenovo	Thinkagile Vx3331 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Vx3331	-
Lenovo	Thinkagile Hx Enclosure Firmware	< 3.72_tei388s
Lenovo	Thinkagile Hx Enclosure	-
Lenovo	Thinkagile Hx1021 Firmware	< 3.72_tei388s
Lenovo	Thinkagile Hx1021	-
Lenovo	Thinkagile Hx1320 Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1320	-
Lenovo	Thinkagile Hx1321 Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1321	-
Lenovo	Thinkagile Hx1331 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx1331	-
Lenovo	Thinkagile Hx1520-R Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1520-R	-
Lenovo	Thinkagile Hx1521-R Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1521-R	-

Related Weaknesses (CWE)

CWE-522

References

https://support.lenovo.com/us/en/product_security/LEN-99936Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-99936Vendor Advisory

FAQ

What is CVE-2023-25495?

CVE-2023-25495 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations....

How severe is CVE-2023-25495?

CVE-2023-25495 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25495?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Hx5530 Firmware, Lenovo Thinkagile Hx5530, Lenovo Thinkagile Hx7530 Firmware, Lenovo Thinkagile Hx7530, Lenovo Thinkagile Vx3331 Firmware.