CVE-2023-3113

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 63.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Xclarity Administrator Lenovo Lenovo Xclarity Administrator

Timeline

PublishedJun 26

Description

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶NVDlenovo/xclarity_administrator< 4.0.0

▶CVEListV5lenovo/lenovo_xclarity_administratorVersions prior to 4.0

🔴Vulnerability Details

GHSA

GHSA-xfcj-2f35-8gfw: An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-↗2023-06-26

▶

CVEList

CVE-2023-3113: An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-↗2023-06-26

▶