Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8356


An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.


Published

2021-03-09T17:15:12.453

Last Modified

2024-11-21T05:38:46.397

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-319
  • Type: Primary
    CWE-319

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application lenovo xclarity_orchestrator < 1.2.2 Yes

References