CPE-39D97807-E5AE-41BD-AFA9-749218289F10 Détail

CPE Details

Lenovo XClarity Administrator (LXCA) 2.6.6

Vendor

lenovo

Product

xclarity_administrator

Version

2.6.6

Created

2020-02-24
17h21 +00:00

Modifié

2020-02-24
17h21 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:lenovo:xclarity_administrator:2.6.6:::::::*

Informations

Vendor

lenovo

Product

xclarity_administrator

Version

2.6.6

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2024-45104	2024-09-13 17h28 +00:00	A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.	6.5	Moyen
CVE-2024-45103	2024-09-13 17h28 +00:00	A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.	4.3	Moyen
CVE-2023-34422	2023-06-26 19h45 +00:00	A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.	6.5	Moyen
CVE-2023-34421	2023-06-26 19h45 +00:00	A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.	6.5	Moyen
CVE-2023-34420	2023-06-26 19h45 +00:00	A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.	7.2	Haute
CVE-2023-34418	2023-06-26 19h45 +00:00	A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.	8.1	Haute
CVE-2023-3113	2023-06-26 19h44 +00:00	An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.	8.2	Haute
CVE-2020-8355	2021-02-10 21h05 +00:00	An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.	4.9	Moyen

Lenovo XClarity Administrator (LXCA) 2.6.6

CPE Details

CPE Name: cpe:2.3:a:lenovo:xclarity_administrator:2.6.6:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:lenovo:xclarity_administrator:2.6.6:::::::*