CVE-2017-3745
First published: Tue Jun 20 2017(Updated: )
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo XClarity Administrator | <=1.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3745?
CVE-2017-3745 is classified as a medium severity vulnerability due to the potential exposure of sensitive password information.
How do I fix CVE-2017-3745?
To resolve CVE-2017-3745, upgrade Lenovo XClarity Administrator to version 1.3.0 or higher.
Who is affected by CVE-2017-3745?
CVE-2017-3745 affects non-administrative users of Lenovo XClarity Administrator versions prior to 1.3.0.
What kind of data is exposed in CVE-2017-3745?
CVE-2017-3745 may expose password information for users authenticated to the internal LDAP server, including administrative and service accounts.
What should I do if I cannot upgrade to fix CVE-2017-3745?
If you cannot upgrade, ensure that access to service data is restricted to administrative users only to mitigate the effects of CVE-2017-3745.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/lenovo
- canonical/lenovo xclarity administrator
- version/lenovo xclarity administrator/1.2.2