Vulnerabilities (CVE)

Filtered by vendor Lenovo
Filtered by product Xclarity Administrator
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45103 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
CVE-2024-45104 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 N/A 6.5 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2023-34421 1 Lenovo 1 Xclarity Administrator 2024-02-28 N/A 6.5 MEDIUM
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVE-2023-3113 1 Lenovo 1 Xclarity Administrator 2024-02-28 N/A 7.5 HIGH
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVE-2023-34422 1 Lenovo 1 Xclarity Administrator 2024-02-28 N/A 6.5 MEDIUM
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34418 1 Lenovo 1 Xclarity Administrator 2024-02-28 N/A 8.1 HIGH
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVE-2023-34420 1 Lenovo 1 Xclarity Administrator 2024-02-28 N/A 7.2 HIGH
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.