Information disclosure in Lenovo XClarity Controller (XCC) - CVE-2023-25495

Published: March 15, 2023


Vulnerability identifier: #VU73739
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25495
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Lenovo
Affected software:
Lenovo XClarity Controller (XCC)

Detailed vulnerability description

The vulnerability allows a remote user with administrative privileges on the XCC to read sensitive information.

The vulnerability exists because an XCC API returns the LDAP configuration, including the LDAP client (bind) password that XCC uses to authenticate to an external LDAP server, to privileged callers. A remote administrator can therefore recover a credential for the directory service itself, not just for the BMC, which is why the disclosed secret matters beyond the management controller.
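The check below is an added example, not Lenovo code and not something the advisory itself provides. It walks a JSON configuration response from a BMC and reports any credential-looking property (Password, Secret, BindPW and similar) that comes back as a non-empty string; a correctly behaving API returns null for such write-only fields or omits them. The Redfish AccountService resource and the field names in the constructed samples are assumptions about where LDAP settings live, since the advisory does not name the affected endpoint.

```python
"""Detect credential material leaking from a BMC configuration API.

Added example (not Lenovo's code). Assumptions, labelled as such:
  * the LDAP settings are served as JSON (the Redfish AccountService
    resource is used as a plausible location; the advisory does not name
    the endpoint);
  * a correct response carries null for write-only secret properties.
"""
import base64
import json
import re
import ssl
import urllib.request
from typing import Any, Iterator

# Property names that must never carry a value in a GET response.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|bindpw|bind_pw)", re.IGNORECASE)


def walk(obj: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json_path, value) for every leaf of a parsed JSON document."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for idx, value in enumerate(obj):
            yield from walk(value, f"{path}[{idx}]")
    else:
        yield path, obj


def find_exposed_secrets(doc: Any) -> list[str]:
    """Return JSON paths whose key looks like a credential and whose value
    is a non-empty string. null/omitted is the expected, safe behaviour."""
    hits: list[str] = []
    for path, value in walk(doc):
        key = path.rsplit(".", 1)[-1]
        if SECRET_KEY_RE.search(key) and isinstance(value, str) and value:
            hits.append(path)
    return hits


def fetch_json(url: str, user: str, password: str, verify_tls: bool = True) -> Any:
    """GET a JSON resource with HTTP Basic auth using only the stdlib.
    verify_tls=False is for lab BMCs with self-signed certificates only."""
    req = urllib.request.Request(url)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/json")
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.load(resp)


# Constructed sample responses (not captured from a real device).
VULNERABLE_RESPONSE = json.loads("""{
  "@odata.id": "/redfish/v1/AccountService",
  "LDAP": {
    "ServiceEnabled": true,
    "ServiceAddresses": ["ldaps://ldap.example.internal:636"],
    "Authentication": {
      "AuthenticationType": "UsernameAndPassword",
      "Username": "cn=xcc-bind,ou=svc,dc=example,dc=internal",
      "Password": "Sup3r-S3cret"
    }
  }
}""")

FIXED_RESPONSE = json.loads("""{
  "@odata.id": "/redfish/v1/AccountService",
  "LDAP": {
    "ServiceEnabled": true,
    "ServiceAddresses": ["ldaps://ldap.example.internal:636"],
    "Authentication": {
      "AuthenticationType": "UsernameAndPassword",
      "Username": "cn=xcc-bind,ou=svc,dc=example,dc=internal",
      "Password": null
    }
  }
}""")


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 4:
        # Live check: python leakcheck.py https://bmc/redfish/v1/AccountService admin 'pw'
        doc = fetch_json(sys.argv[1], sys.argv[2], sys.argv[3], verify_tls=False)
        leaks = find_exposed_secrets(doc)
        print("LEAK:" if leaks else "clean:", leaks)
    else:
        print("vulnerable sample:", find_exposed_secrets(VULNERABLE_RESPONSE))
        print("fixed sample:     ", find_exposed_secrets(FIXED_RESPONSE))
```

Run it with no arguments to see the two constructed samples classified, or pass a BMC URL plus an administrative account to test a real controller before and after the firmware update. Any path reported as a leak is a credential that should be treated as compromised.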


How to mitigate CVE-2023-25495

Install the fixed XCC firmware from the vendor's website. Because the LDAP client password may already have been read by anyone holding an administrative XCC account, rotate the credential of that LDAP bind account after updating and review the directory server's logs for unexpected binds with it.

Sources