History: Apr 28, 2023 - 9:07 p.m.

CVE-2023-29056

2023-04-28 21:07:40
CWE-269
lenovo
www.cve.org
cve-2023-29056
ldap
xcc
authentication
authorization
vulnerability

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.9
Confidence: High

EPSS: 0.001
Percentile: 43.0%

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XClarity Controller",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "Refer to Mitigation strategy section in LEN-118321"
      }
    ]
  }
]
