CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 21.9%

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Vendor | Product | Version | CPE |
---|---|---|---|
lenovo | thinkagile_hx5530_firmware | - | cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx5530 | - | cpe:2.3:h:lenovo:thinkagile_hx5530:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx7530_firmware | - | cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx7530 | - | cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:* |
lenovo | thinkagile_vx3331_firmware | - | cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:* |
lenovo | thinkagile_vx3331 | - | cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx1331_firmware | - | cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx1331 | - | cpe:2.3:h:lenovo:thinkagile_hx1331:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx2330_firmware | - | cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:* |
lenovo | thinkagile_hx2330 | - | cpe:2.3:h:lenovo:thinkagile_hx2330:-:*:*:*:*:*:*:* |
[
  {
    "defaultStatus": "unaffected",
    "product": "Lenovo XClarity Controller (XCC)",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]