Details of VAR-202103-0760

ID

VAR-202103-0760

CVE

CVE-2020-8356

TITLE

LXCO Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-016272

DESCRIPTION

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file. LXCO Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Lenovo XClarity Orchestrator is an application software of China Lenovo (Lenovo). Provides centralized monitoring, management, and analytics for environments with large numbers of devices

Trust: 1.71

sources: NVD: CVE-2020-8356 // JVNDB: JVNDB-2020-016272 // VULHUB: VHN-186481

AFFECTED PRODUCTS

vendor:	lenovo	model:	xclarity orchestrator	scope:	lt	version:	1.2.2	Trust: 1.0
vendor:	lenovo	model:	xclarity orchestrator	scope:	eq	version:	1.2.2	Trust: 0.8
vendor:	lenovo	model:	xclarity orchestrator	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-016272 // NVD: CVE-2020-8356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8356
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8356
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8356
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-678
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186481
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8356
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186481
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8356
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-016272
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186481 // JVNDB: JVNDB-2020-016272 // CNNVD: CNNVD-202103-678 // NVD: CVE-2020-8356 // NVD: CVE-2020-8356

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	Sending important information in clear text (CWE-319) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186481 // JVNDB: JVNDB-2020-016272 // NVD: CVE-2020-8356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-678

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-678

PATCH

title:	LEN-49884	url:	https://support.lenovo.com/us/en/product_security/LEN-49884	Trust: 0.8
title:	LXCO Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144274	Trust: 0.6

sources: JVNDB: JVNDB-2020-016272 // CNNVD: CNNVD-202103-678

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8356	Trust: 2.5
db:	LENOVO	id:	LEN-49884	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-016272	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-678	Trust: 0.6
db:	VULHUB	id:	VHN-186481	Trust: 0.1

sources: VULHUB: VHN-186481 // JVNDB: JVNDB-2020-016272 // CNNVD: CNNVD-202103-678 // NVD: CVE-2020-8356

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-49884	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8356	Trust: 0.8

sources: VULHUB: VHN-186481 // JVNDB: JVNDB-2020-016272 // CNNVD: CNNVD-202103-678 // NVD: CVE-2020-8356

SOURCES

db:	VULHUB	id:	VHN-186481
db:	JVNDB	id:	JVNDB-2020-016272
db:	CNNVD	id:	CNNVD-202103-678
db:	NVD	id:	CVE-2020-8356

LAST UPDATE DATE

2024-11-23T22:51:06.490000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186481	date:	2021-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-016272	date:	2021-11-18T09:07:00
db:	CNNVD	id:	CNNVD-202103-678	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-8356	date:	2024-11-21T05:38:46.397

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186481	date:	2021-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-016272	date:	2021-11-18T00:00:00
db:	CNNVD	id:	CNNVD-202103-678	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2020-8356	date:	2021-03-09T17:15:12.453