CVE-2018-9065

Summary

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

Affected Software

VendorProductVersion RangeStatus
Lenovo Group Ltd.Lenovo xClarity AdministratorEarlier than 2.1.0affected

Weaknesses

  • Privilege escalation

ADP Enrichment

CVE Program Container

Additional References

References