Code injection

2023-05-0115:15:00

PRIOn knowledge base

www.prio-n.com

code injection

authenticated user

privilege escalation

api security

nvd

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

CPENameOperatorVersion
thinkagile_hx1021_firmwareeq< 3.72-tei388s
thinkagile_hx1320_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1321_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1331_firmwareeq< 2.93-afbt30p
thinkagile_hx1520-r_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1521-r_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2320-e_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2321_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2330_firmwareeq< 2.93-afbt30p
thinkagile_hx2330_firmwareeq2.93.0-afbt30-p

Name	Operator	Version
thinkagile_hx1021_firmware	eq	< 3.72-tei388s
thinkagile_hx1320_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1321_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1331_firmware	eq	< 2.93-afbt30p
thinkagile_hx1520-r_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1521-r_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2320-e_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2321_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2330_firmware	eq	< 2.93-afbt30p
thinkagile_hx2330_firmware	eq	2.93.0-afbt30-p

Rows per page:

1-10 of 1131

References

support.lenovo.com/us/en/product_security/LEN-99936