CPE Details
Lenovo XClarity Administrator (LXCA) 3.1.0
3.1.0
2021-02-11
14h52 +00:00
14h52 +00:00
2021-02-11
14h52 +00:00
14h52 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:lenovo:xclarity_administrator:3.1.0:*:*:*:*:*:*:*
Informations
Vendor
lenovoProduct
xclarity_administratorVersion
3.1.0Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | 6.5 |
Moyen |
||
| A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | 4.3 |
Moyen |
||
| A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | 6.5 |
Moyen |
||
| A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | 6.5 |
Moyen |
||
| A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | 7.2 |
Haute |
||
| A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | 8.1 |
Haute |
||
| An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | 8.2 |
Haute |
2025©
tesweb SA
