Lucene search

K
cveLenovoCVE-2024-45103
HistorySep 13, 2024 - 6:15 p.m.

CVE-2024-45103

2024-09-1318:15:04
CWE-282
lenovo
web.nvd.nist.gov
23
lxca
user authentication
device management

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.8

Confidence

High

EPSS

0

Percentile

14.1%

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.

Affected configurations

Nvd
Node
lenovoxclarity_administratorRange<4.1.0
AND
emcvmwareMatch-
OR
microsoftwindowsMatch-
OR
redhatkernel-based_virtual_machineMatch-
VendorProductVersionCPE
lenovoxclarity_administrator*cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
emcvmware-cpe:2.3:a:emc:vmware:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
redhatkernel-based_virtual_machine-cpe:2.3:o:redhat:kernel-based_virtual_machine:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XClarity Administrator",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.8

Confidence

High

EPSS

0

Percentile

14.1%

Related for CVE-2024-45103