Sensitive Information Exposure in Lenovo XClarity Controller
CVE-2021-3473
4.5 MEDIUM
What is CVE-2021-3473?
An internal security audit revealed that using Lenovo XClarity Administrator to perform a backup or restore on the Lenovo XClarity Controller can expose configuration backup/restore passwords. These credentials are temporarily stored in an internal log buffer, and the contents of that buffer may be included in FFDC service logs generated by a privileged user. The buffer contents are overwritten within approximately ten minutes, but an FFDC service log generated before then may contain the backup/restore password and disclose it to anyone who has access to that log.
Affected Version(s)
XClarity Controller (XCC) < 6.00 CDI370Q
XClarity Controller (XCC) < 1.10 TGBT12Q
XClarity Controller (XCC) < 3.20 TEI378W