Lenovo XClarity Administrator vulnerabilities
6 known vulnerabilities affecting lenovo/lenovo_xclarity_administrator.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3
Vulnerabilities
CVE-2023-34418 [HIGH] | CVSS 8.1 | CWE-89 | Versions prior to 4.0 | 2023-06-26
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
Sources: cvelistv5, nvd
CVE-2023-34420 [HIGH] | CVSS 7.2 | CWE-78 | Versions prior to 4.0 | 2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
Sources: cvelistv5, nvd
CVE-2023-3113 [HIGH] | CVSS 7.5 | CWE-611 | Versions prior to 4.0 | 2023-06-26
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
Sources: cvelistv5, nvd
CVE-2023-34422 [MEDIUM] | CVSS 6.5 | CWE-20 | Versions prior to 4.0 | 2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
Sources: cvelistv5, nvd
CVE-2023-34421 [MEDIUM] | CVSS 6.5 | CWE-20 | Versions prior to 4.0 | 2023-06-26
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
Sources: cvelistv5, nvd
CVE-2019-6158 [MEDIUM] | CVSS 5.9 | CWE-532 | ≥ unspecified, < 2.3.x | 2019-05-03
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
Sources: cvelistv5, nvd