Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3743

Опубликовано: 20 июн. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 3.5
EPSS Низкий

Описание

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lenovo:advanced_settings_utility:*:*:*:*:*:*:*:*
Версия до 10.1 (включая)
cpe:2.3:a:lenovo:toolscenter_dynamic_system_analysis:*:*:*:*:*:*:*:*
Версия до 10.2 (включая)
cpe:2.3:a:lenovo:updatexpress_system_pack_installer:*:*:*:*:*:*:*:*
Версия до 10.2 (включая)

EPSS

Процентиль: 57%
0.00354
Низкий

7.5 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-58rh-6x56-9rp4

CVSS3: 7.5
github
больше 3 лет назад

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

EPSS

Процентиль: 57%
0.00354
Низкий

7.5 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200