CVE-2023-34420
published 2023-06-26CVE-2023-34420: A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | lenovo_xclarity_administrator | — | — |
| lenovo | xclarity_administrator | < 4.0.0 | 4.0.0 |