CVE-2023-25495

CVSS 4.9 MEDIUMEPSS 0.6%CWE-522

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.9EPSS 0.6%KEV nãoPoC —Patch —

Lifecycle

Apr 28, 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected products

Lenovo · XClarity Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.lenovo.com/us/en/product_security/LEN-99936