Lucene search

LenovoCVELIST:CVE-2023-34418

HistoryJun 26, 2023 - 7:45 p.m.

CVE-2023-34418

2023-06-2619:45:05

CWE-89

lenovo

www.cve.org

cve-2023-34418

lxca

authenticated user

unauthorized access

sql injection

web api

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

JSON

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Lenovo XClarity Administrator",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 4.0"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-98715

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

JSON

Related for CVELIST:CVE-2023-34418