CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-3745

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.1%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 2.1

References

Products affected by CVE-2017-3745

Lenovo » Xclarity Administrator » Version: 1.0.1

cpe:2.3:a:lenovo:xclarity_administrator:1.0.1
Lenovo » Xclarity Administrator » Version: 1.0.3

cpe:2.3:a:lenovo:xclarity_administrator:1.0.3
Lenovo » Xclarity Administrator » Version: 1.1.0

cpe:2.3:a:lenovo:xclarity_administrator:1.1.0
Lenovo » Xclarity Administrator » Version: 1.1.1

cpe:2.3:a:lenovo:xclarity_administrator:1.1.1
Lenovo » Xclarity Administrator » Version: 1.2.1

cpe:2.3:a:lenovo:xclarity_administrator:1.2.1
Lenovo » Xclarity Administrator » Version: 1.2.2

cpe:2.3:a:lenovo:xclarity_administrator:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-3745

Products

Pricing

Contact Us