Medium severity4.9NVD Advisory· Published Apr 28, 2023· Updated Jun 17, 2026
CVE-2023-25495
CVE-2023-25495
Description
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured
Affected products
2- Range: Refer to Mitigation strategy section in LEN-99936
Patches
Vulnerability mechanics
References
1- support.lenovo.com/us/en/product_security/LEN-99936nvdVendor Advisory
News mentions
0No linked articles in our index yet.