CVE-2018-9066
published 2018-07-30CVE-2018-9066: In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | xclarity_administrator | < 2.1.0 | 2.1.0 |
| lenovo_group_ltd | lenovo_xclarity_administrator | — | — |