CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured

Published: Apr 29, 2023
Updated: May 10, 2023
CVE: CVE-2023-25495
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
lenovo / thinkagile_hx5530_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx_enclosure_firmware	-	3.72_tei388s
lenovo / thinkagile_hx1021_firmware	-	3.72_tei388s
lenovo / thinkagile_hx1320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx1520-r_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1521-r_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2320-e_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2330_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx2330_firmware	2.93_afbt30p	2.93_afbt30p.x
lenovo / thinkagile_hx2331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx2720-e_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3330_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx3331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx3331_firmware	-	4.71_d8bt48p
lenovo / thinkagile_hx3375_firmware	-	4.71_d8bt48p
lenovo / thinkagile_hx3376_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3520-g_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3521-g_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3720_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3721_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5520-c_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5521_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5521-c_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx5531_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx7520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx7521_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7531_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7531_firmware	-	2.75_psi348s
lenovo / thinkagile_hx7820_firmware	-	2.75_psi348s
lenovo / thinkagile_hx7821_firmware	-	3.72_tei388s
lenovo / thinkagile_mx1020_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3330-f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3330-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3331-f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3331-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3530_f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3530-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3531_h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3531-f_firmware	-	3.72_tei388s
lenovo / thinkagile_mx1021_on_se350_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_1se_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_2u4n_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_4u_firmware	-	2.75_psi348s
lenovo / thinkagile_vx1320_firmware	-	3.72_tei388s
lenovo / thinkagile_vx2320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx2330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx3330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3520-g_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx3530-g_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3720_firmware	-	3.72_tei388s
lenovo / thinkagile_vx5520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx5530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7320_n_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7520_n_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7531_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7820_firmware	-	2.75_psi348s
lenovo / thinkedge_se450__firmware	-	1.60_usx324o
lenovo / thinkstation_p920_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sd530_firmware	-	3.72_tei388s
lenovo / thinksystem_sd630_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sd650_firmware	-	3.72_tei388s
lenovo / thinksystem_sd650_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sd650-n_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_se350_firmware	-	3.72_tei388s
lenovo / thinksystem_sn550_firmware	-	3.72_tei388s
lenovo / thinksystem_sn550_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sn850_firmware	-	3.72_tei388s
lenovo / thinksystem_sr150_firmware	-	3.72_tei388s
lenovo / thinksystem_sr158_firmware	-	3.72_tei388s
lenovo / thinksystem_sr250_firmware	-	3.72_tei388s
lenovo / thinksystem_sr250_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr258_firmware	-	3.72_tei388s
lenovo / thinksystem_sr258_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr530_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr550_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr570_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr590_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr630_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr630_v2_firmware	-	2.93_afbt30p
lenovo / thinksystem_sr645_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr645_v3_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr650_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr650_v2_firmware	-	2.93_afbt30p
lenovo / thinksystem_sr665_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr665_v3_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr670_firmware	-	3.72_tei388s
lenovo / thinksystem_sr670_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr850_firmware	-	3.72_tei388s
lenovo / thinksystem_sr850_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr850p_firmware	-	3.72_tei388s
lenovo / thinksystem_sr860_firmware	-	3.72_tei388s
lenovo / thinksystem_sr860_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr950_firmware	-	2.75_psi348s
lenovo / thinksystem_st250_firmware	-	3.72_tei388s
lenovo / thinksystem_st250_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st258_firmware	-	3.72_tei388s
lenovo / thinksystem_st258_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st550_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_st650_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st658_v2_firmware	-	2.60_tgbt42h

https://support.lenovo.com/us/en/product_security/LEN-99936

Vulnerability Database

289,697

CVE-2023-25495