CVE-2023-34418

CWE-89 — SQL Injection3 documents3 sources

Severity

8.1HIGH

EPSS

0.3%

top 47.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Xclarity Administrator Lenovo Lenovo Xclarity Administrator

Timeline

PublishedJun 26

Description

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDlenovo/xclarity_administrator< 4.0.0

▶CVEListV5lenovo/lenovo_xclarity_administratorVersions prior to 4.0

🔴Vulnerability Details

GHSA

GHSA-7m59-rj87-rmgp: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability↗2023-06-26

▶

CVEList

CVE-2023-34418: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability↗2023-06-26

▶