Internal Credential Logging Issue in Lenovo XClarity Administrator by Lenovo
CVE-2021-3417

4.9MEDIUM

Key Information:

Vendor: Lenovo
Status: Xclarity Orchestrator
Vendor: CVE Published:; 9 March 2021

What is CVE-2021-3417?

An internal security audit of Lenovo XClarity Administrator revealed a vulnerability where sensitive credentials, when added as a Resource Manager, are encoded and logged each time a session is established. These logs are captured in the First Failure Data Capture (FFDC) service log, which is accessible only to privileged users upon request. The logging of these credentials poses a significant risk if the log files are improperly accessed or managed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XClarity Orchestrator < 1.2.2

References

https://support.lenovo.com/us/en/product_security/LEN-49884

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2021
Vulnerability Reserved
Feb 25, 2021

JSON

Lenovo

What is CVE-2021-3417?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.