Internal Credential Logging Issue in Lenovo XClarity Administrator by Lenovo
CVE-2021-3417
4.9MEDIUM
What is CVE-2021-3417?
An internal security audit of Lenovo XClarity Administrator revealed a vulnerability where sensitive credentials, when added as a Resource Manager, are encoded and logged each time a session is established. These logs are captured in the First Failure Data Capture (FFDC) service log, which is accessible only to privileged users upon request. The logging of these credentials poses a significant risk if the log files are improperly accessed or managed.
Affected Version(s)
XClarity Orchestrator < 1.2.2