Lenovo: >> Xclarity Administrator >> 3.1.0 Security Vulnerabilities
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-09-13
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-09-13
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-06-26