CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jan 2025 — A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Sep 2024 — A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-282: Improper Ownership Management

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Sep 2024 — A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-282: Improper Ownership Management

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Sep 2024 — A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Apr 2024 — A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. • https://support.lenovo.com/us/en/product_security/LEN-136592 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2023 — A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-20: Improper Input Validation

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2023 — A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-20: Improper Input Validation

CVSS: 8.3 • EPSS: 1% • CPEs: 1 • EXPL: 0

26 Jun 2023 — A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2023 — A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2023 — An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-611: Improper Restriction of XML External Entity Reference