How severe is CVE-2020-8355?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2020-8355?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2020-8355 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.

Related Vulnerabilities

CVE-2019-10363

MEDIUM

CVSS:4.9(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.

CWE-3192019

CVE-2019-15635

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and t...

CWE-3192019

CVE-2019-3619

MEDIUM

CVSS:4.9(Medium)

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive inform...

CWE-3192019

CVE-2020-8356

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cle...

CWE-3192020

CVE-2021-25643

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cle...

CWE-3192021

CVE-2021-3417

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an...

CWE-3192021