CVE-2020-8356
MEDIUMLenovo XClarity Orchestrator < 1.2.2 - Cleartext Transmission of Sensitive Information in Log Files
Title source: llmDescription
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-49884
Scores
CVSS v3
4.9
EPSS
0.0017
EPSS Percentile
38.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
lenovo/xclarity_orchestrator
< 1.2.2
Published
Mar 09, 2021
Tracked Since
Feb 18, 2026