Lenovo XClarity Controller 信息泄露漏洞(CVE-2023-25495)

CVE编号

CVE-2023-25495

利用情况

暂无

补丁情况

N/A

披露时间

2023-03-15
漏洞描述
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://support.lenovo.com/us/en/product_security/LEN-99936
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 lenovo thinkagile_hx1021_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_hx1320_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx1321_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx1331_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx1520-r_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx1521-r_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx2320-e_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx2321_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx2330_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx2330_firmware 2.93_afbt30p -
运行在以下环境
系统 lenovo thinkagile_hx2331_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx2720-e_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_hx3320_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx3321_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx3330_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx3331_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx3331_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinkagile_hx3375_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinkagile_hx3376_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx3520-g_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx3521-g_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_hx3720_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_hx3721_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx5520-c_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx5520_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx5521-c_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx5521_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx5530_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx5531_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx7520_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_hx7521_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx7530_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx7531_firmware * Up to
(excluding)
2.75_psi348s
运行在以下环境
系统 lenovo thinkagile_hx7531_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_hx7820_firmware * Up to
(excluding)
2.75_psi348s
运行在以下环境
系统 lenovo thinkagile_hx7821_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_hx_enclosure_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_mx1020_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx1021_on_se350_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_mx3330-f_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3330-h_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3331-f_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3331-h_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3530-h_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3530_f_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_mx3531-f_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_mx3531_h_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx1320_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_vx2320_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx2330_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx3320_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx3330_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx3331_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx3520-g_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx3530-g_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx3720_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_vx5520_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx5530_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx7320_n_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx7330_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx7520_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx7520_n_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinkagile_vx7530_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx7531_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinkagile_vx7820_firmware * Up to
(excluding)
2.75_psi348s
运行在以下环境
系统 lenovo thinkagile_vx_1se_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_vx_2u4n_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinkagile_vx_4u_firmware * Up to
(excluding)
2.75_psi348s
运行在以下环境
系统 lenovo thinkedge_se450__firmware * Up to
(excluding)
1.60_usx324o
运行在以下环境
系统 lenovo thinkstation_p920_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sd530_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sd630_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sd650-n_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sd650_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sd650_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_se350_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sn550_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sn550_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sn850_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr150_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr158_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr250_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr250_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sr258_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr258_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sr530_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr550_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr570_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr590_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr630_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr630_v2_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinksystem_sr645_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinksystem_sr645_v3_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinksystem_sr650_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_sr650_v2_firmware * Up to
(excluding)
2.93_afbt30p
运行在以下环境
系统 lenovo thinksystem_sr665_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinksystem_sr665_v3_firmware * Up to
(excluding)
4.71_d8bt48p
运行在以下环境
系统 lenovo thinksystem_sr670_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr670_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sr850p_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr850_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr850_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sr860_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_sr860_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_sr950_firmware * Up to
(excluding)
2.75_psi348s
运行在以下环境
系统 lenovo thinksystem_st250_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_st250_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_st258_firmware * Up to
(excluding)
3.72_tei388s
运行在以下环境
系统 lenovo thinksystem_st258_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_st550_firmware * Up to
(excluding)
8.88_cdi3a4a
运行在以下环境
系统 lenovo thinksystem_st650_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
系统 lenovo thinksystem_st658_v2_firmware * Up to
(excluding)
2.60_tgbt42h
运行在以下环境
硬件 lenovo thinkagile_hx1021 - -
运行在以下环境
硬件 lenovo thinkagile_hx1320 - -
运行在以下环境
硬件 lenovo thinkagile_hx1321 - -
运行在以下环境
硬件 lenovo thinkagile_hx1331 - -
运行在以下环境
硬件 lenovo thinkagile_hx1520-r - -
运行在以下环境
硬件 lenovo thinkagile_hx1521-r - -
运行在以下环境
硬件 lenovo thinkagile_hx2320-e - -
运行在以下环境
硬件 lenovo thinkagile_hx2321 - -
运行在以下环境
硬件 lenovo thinkagile_hx2330 - -
运行在以下环境
硬件 lenovo thinkagile_hx2331 - -
运行在以下环境
硬件 lenovo thinkagile_hx2720-e - -
运行在以下环境
硬件 lenovo thinkagile_hx3320 - -
运行在以下环境
硬件 lenovo thinkagile_hx3321 - -
运行在以下环境
硬件 lenovo thinkagile_hx3330 - -
运行在以下环境
硬件 lenovo thinkagile_hx3331 - -
运行在以下环境
硬件 lenovo thinkagile_hx3375 - -
运行在以下环境
硬件 lenovo thinkagile_hx3376 - -
运行在以下环境
硬件 lenovo thinkagile_hx3520-g - -
运行在以下环境
硬件 lenovo thinkagile_hx3521-g - -
运行在以下环境
硬件 lenovo thinkagile_hx3720 - -
运行在以下环境
硬件 lenovo thinkagile_hx3721 - -
运行在以下环境
硬件 lenovo thinkagile_hx5520 - -
运行在以下环境
硬件 lenovo thinkagile_hx5520-c - -
运行在以下环境
硬件 lenovo thinkagile_hx5521 - -
运行在以下环境
硬件 lenovo thinkagile_hx5521-c - -
运行在以下环境
硬件 lenovo thinkagile_hx5530 - -
运行在以下环境
硬件 lenovo thinkagile_hx5531 - -
运行在以下环境
硬件 lenovo thinkagile_hx7520 - -
运行在以下环境
硬件 lenovo thinkagile_hx7521 - -
运行在以下环境
硬件 lenovo thinkagile_hx7530 - -
运行在以下环境
硬件 lenovo thinkagile_hx7531 - -
运行在以下环境
硬件 lenovo thinkagile_hx7820 - -
运行在以下环境
硬件 lenovo thinkagile_hx7821 - -
运行在以下环境
硬件 lenovo thinkagile_hx_enclosure - -
运行在以下环境
硬件 lenovo thinkagile_mx1020 - -
运行在以下环境
硬件 lenovo thinkagile_mx1021_on_se350 - -
运行在以下环境
硬件 lenovo thinkagile_mx3330-f - -
运行在以下环境
硬件 lenovo thinkagile_mx3330-h - -
运行在以下环境
硬件 lenovo thinkagile_mx3331-f - -
运行在以下环境
硬件 lenovo thinkagile_mx3331-h - -
运行在以下环境
硬件 lenovo thinkagile_mx3530-h - -
运行在以下环境
硬件 lenovo thinkagile_mx3530_f - -
运行在以下环境
硬件 lenovo thinkagile_mx3531-f - -
运行在以下环境
硬件 lenovo thinkagile_mx3531_h - -
运行在以下环境
硬件 lenovo thinkagile_vx1320 - -
运行在以下环境
硬件 lenovo thinkagile_vx2320 - -
运行在以下环境
硬件 lenovo thinkagile_vx2330 - -
运行在以下环境
硬件 lenovo thinkagile_vx3320 - -
运行在以下环境
硬件 lenovo thinkagile_vx3330 - -
运行在以下环境
硬件 lenovo thinkagile_vx3331 - -
运行在以下环境
硬件 lenovo thinkagile_vx3520-g - -
运行在以下环境
硬件 lenovo thinkagile_vx3530-g - -
运行在以下环境
硬件 lenovo thinkagile_vx3720 - -
运行在以下环境
硬件 lenovo thinkagile_vx5520 - -
运行在以下环境
硬件 lenovo thinkagile_vx5530 - -
运行在以下环境
硬件 lenovo thinkagile_vx7320_n - -
运行在以下环境
硬件 lenovo thinkagile_vx7330 - -
运行在以下环境
硬件 lenovo thinkagile_vx7520 - -
运行在以下环境
硬件 lenovo thinkagile_vx7520_n - -
运行在以下环境
硬件 lenovo thinkagile_vx7530 - -
运行在以下环境
硬件 lenovo thinkagile_vx7531 - -
运行在以下环境
硬件 lenovo thinkagile_vx7820 - -
运行在以下环境
硬件 lenovo thinkagile_vx_1se - -
运行在以下环境
硬件 lenovo thinkagile_vx_2u4n - -
运行在以下环境
硬件 lenovo thinkagile_vx_4u - -
运行在以下环境
硬件 lenovo thinkedge_se450_ - -
运行在以下环境
硬件 lenovo thinkstation_p920 - -
运行在以下环境
硬件 lenovo thinksystem_sd530 - -
运行在以下环境
硬件 lenovo thinksystem_sd630_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sd650 - -
运行在以下环境
硬件 lenovo thinksystem_sd650-n_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sd650_v2 - -
运行在以下环境
硬件 lenovo thinksystem_se350 - -
运行在以下环境
硬件 lenovo thinksystem_sn550 - -
运行在以下环境
硬件 lenovo thinksystem_sn550_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sn850 - -
运行在以下环境
硬件 lenovo thinksystem_sr150 - -
运行在以下环境
硬件 lenovo thinksystem_sr158 - -
运行在以下环境
硬件 lenovo thinksystem_sr250 - -
运行在以下环境
硬件 lenovo thinksystem_sr250_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr258 - -
运行在以下环境
硬件 lenovo thinksystem_sr258_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr530 - -
运行在以下环境
硬件 lenovo thinksystem_sr550 - -
运行在以下环境
硬件 lenovo thinksystem_sr570 - -
运行在以下环境
硬件 lenovo thinksystem_sr590 - -
运行在以下环境
硬件 lenovo thinksystem_sr630 - -
运行在以下环境
硬件 lenovo thinksystem_sr630_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr645 - -
运行在以下环境
硬件 lenovo thinksystem_sr645_v3 - -
运行在以下环境
硬件 lenovo thinksystem_sr650 - -
运行在以下环境
硬件 lenovo thinksystem_sr650_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr665 - -
运行在以下环境
硬件 lenovo thinksystem_sr665_v3 - -
运行在以下环境
硬件 lenovo thinksystem_sr670 - -
运行在以下环境
硬件 lenovo thinksystem_sr670_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr850 - -
运行在以下环境
硬件 lenovo thinksystem_sr850p - -
运行在以下环境
硬件 lenovo thinksystem_sr850_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr860 - -
运行在以下环境
硬件 lenovo thinksystem_sr860_v2 - -
运行在以下环境
硬件 lenovo thinksystem_sr950 - -
运行在以下环境
硬件 lenovo thinksystem_st250 - -
运行在以下环境
硬件 lenovo thinksystem_st250_v2 - -
运行在以下环境
硬件 lenovo thinksystem_st258 - -
运行在以下环境
硬件 lenovo thinksystem_st258_v2 - -
运行在以下环境
硬件 lenovo thinksystem_st550 - -
运行在以下环境
硬件 lenovo thinksystem_st650_v2 - -
运行在以下环境
硬件 lenovo thinksystem_st658_v2 - -
CVSS3评分
4.9
  • 攻击路径
    网络
  • 攻击复杂度
  • 权限要求
  • 影响范围
    未更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-ID 漏洞类型
CWE-522 不充分的凭证保护机制
阿里云安全产品覆盖情况