CVE-2016-8221
HIGHLenovo XClarity Administrator <1.2.0 - Privilege Escalation
Title source: llmDescription
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95417
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN_10605
Scores
CVSS v3
7.0
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (2)
lenovo/xclarity_administrator
< 1.1.1
Lenovo Group Ltd./XClarity Administrator (LXCA)
1.2.0
Published
Jan 12, 2017
Tracked Since
Feb 18, 2026