Page 24 of 421 results (0.035 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.3EPSS: 0%CPEs: 16EXPL: 0

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. • https://support.lenovo.com/us/en/product_security/LEN-127357 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. • https://support.lenovo.com/us/en/product_security/LEN-127357 • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) •