In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-07-30T15:00:00Z

Updated: 2024-09-16T19:04:25.593Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9064

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-30T16:29:00.313

Modified: 2024-11-21T04:14:53.937

Link: CVE-2018-9064

cve-icon Redhat

No data.