cvedb.io
CVE-2021-3417
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2021-03-09T17:15:12.923 · Last modified 2026-06-17T04:05:03.193

Summary

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.

Affected products

lenovo — xclarity_orchestrator

Does this affect you?

Add your gear to cvedb and we'll alert you only when lenovo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.