High severity7.8NVD Advisory· Published Jun 20, 2017· Updated May 13, 2026

CVE-2017-3745

Description

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

Affected products

Lenovo/Xclarity Administrator
cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
Range: <=1.2.2
Lenovo Group Ltd./XClarity Administratorv5
Range: 1.2.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.lenovo.com/us/en/product_security/LEN-13671nvdPatchVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000