Windows OS Credentials Exposure in Lenovo XClarity Administrator
CVE-2020-8355
4.9MEDIUM
What is CVE-2020-8355?
Lenovo XClarity Administrator prior to version 3.1.0 contains a vulnerability that results in the exposure of Windows OS credentials. During driver updates of managed systems, these credentials may be captured in the First Failure Data Capture (FFDC) service log. This log is generated at the request of a privileged user and is only accessible to that user. However, if generated while updates are occurring, sensitive data may be inadvertently saved and later accessed before deletion.
Affected Version(s)
XClarity Administrator < 3.1.0