First published: Fri Apr 28 2023
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1321 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1520-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1521-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2320-e | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2321 | ||
<2.93_afbt30p | ||
=2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3321 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
<4.71_d8bt48p | ||
Lenovo Thinkagile Hx3375 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3376 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3520-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3521-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3720 | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520-c | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5521 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx5521-c | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx7520 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx7521 | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<2.75_psi348s | ||
Lenovo Thinkagile Hx7820 | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx7821 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Mx1020 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<2.75_psi348s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx2320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3520-g | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx5520 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7320 N | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 N | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<1.60_usx324o | ||
Lenovo Thinkstation P920 Firmware | <8.88_cdi3a4a | |
Lenovo Thinkstation P920 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd530 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd650 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Se350 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn550 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn850 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr150 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr158 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr530 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr550 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr570 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr590 | ||
Lenovo Thinksystem Sr630 Firmware | <8.88_cdi3a4a | |
Lenovo Thinksystem Sr630 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr645 | ||
<4.71_d8bt48p | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr650 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr665 | ||
<4.71_d8bt48p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr670 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr860 | ||
<2.60_tgbt42h | ||
<2.75_psi348s | ||
Lenovo Thinksystem Sr950 | ||
<3.72_tei388s | ||
Lenovo Thinksystem St250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem St258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem St550 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936