#VU73739 Information disclosure in Lenovo XClarity Controller (XCC) - CVE-2023-25495

 

Published: March 15, 2023


Vulnerability identifier: #VU73739
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25495
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Lenovo XClarity Controller (XCC)
Software vendor: Lenovo

Description

The vulnerability allows a remote administrator to gain access to sensitive information.

The vulnerability exists because an API exposes the LDAP configuration, including the configured LDAP client password that XCC uses to authenticate to an external LDAP server. A remote privileged user can gain access to sensitive information.


Remediation

Install updates from the vendor's website.

External links