How severe is CVE-2021-3473?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2021-3473?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2021-3473 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.

Related Vulnerabilities

CVE-2019-10363

MEDIUM

CVSS:4.9(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.

CWE-3192019

CVE-2019-15635

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and t...

CWE-3192019

CVE-2019-3619

MEDIUM

CVSS:4.9(Medium)

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive inform...

CWE-3192019

CVE-2020-8355

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed s...

CWE-3192020

CVE-2020-8356

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cle...

CWE-3192020

CVE-2021-25643

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cle...

CWE-3192021