CVE-2024-45104
published 2024-09-13CVE-2024-45104: A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | xclarity_administrator | < 4.1 | 4.1 |
| lenovo | xclarity_administrator | < 4.1.0 | 4.1.0 |