History: Jun 26, 2023 - 7:45 p.m.

CVE-2023-34422

2023-06-26 19:45:31
CWE-20
lenovo
www.cve.org
cve-2023-34422
lxca
user privilege
input validation

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score: 6.5
Confidence: High

EPSS: 0.001
Percentile: 33.0%

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Lenovo XClarity Administrator",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 4.0"
      }
    ]
  }
]
