cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-8356,https://securityvulnerability.io/vulnerability/CVE-2020-8356,Clear Text Password Storage in LXCO Product by Lenovo,"An internal audit of Lenovo's LXCO product revealed a security weakness where optional passwords for Syslog and SMTP forwarders, if provided, are recorded in an internal log file in plain text. This log data is captured within the First Failure Data Capture (FFDC) service log, which is only generated upon request from an authorized LXCO user. While access to these logs is restricted to the privileged user who requested them, storing sensitive information in clear text poses significant security risks, including potential exposure to unauthorized users.",Lenovo,Xclarity Orchestrator,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-03-09T00:00:00.000Z,0
CVE-2021-3417,https://securityvulnerability.io/vulnerability/CVE-2021-3417,Internal Credential Logging Issue in Lenovo XClarity Administrator by Lenovo,"An internal security audit of Lenovo XClarity Administrator revealed a vulnerability where sensitive credentials, when added as a Resource Manager, are encoded and logged each time a session is established. These logs are captured in the First Failure Data Capture (FFDC) service log, which is accessible only to privileged users upon request. The logging of these credentials poses a significant risk if the log files are improperly accessed or managed.",Lenovo,Xclarity Orchestrator,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-03-09T00:00:00.000Z,0