Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-3745

EPSS 0.10% · P26
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-3745

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lenovo XClarity Administrator 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lenovo XClarity Administrator(LXCA)是中国联想(Lenovo)公司的一套集中式的资源管理解决方案。该方案支持简化基础结构管理、加快服务器响应和提高Lenovo服务器系统性能等。 LXCA 1.3.0之前的版本中存在安全漏洞。本地攻击者可利用该漏洞访问用户密码的信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Lenovo Group Ltd.XClarity Administrator 1.2.2 -

II. Public POCs for CVE-2017-3745

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-3745

登录查看更多情报信息。

Same Patch Batch · Lenovo Group Ltd. · 2017-06-20 · 3 CVEs total

CVE-2017-3743多款Lenovo产品安全漏洞
CVE-2017-3744Lenovo System x IMM2固件安全漏洞

IV. Related Vulnerabilities

Same product: XClarity Administrator
Same vendor: Lenovo Group Ltd.

V. Comments for CVE-2017-3745

No comments yet

Leave a comment