An authenticated XCC user can change permissions for any user through a crafted API...
8.8CVSS
8.4AI Score
0.001EPSS
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically...
4.9CVSS
5.2AI Score
0.001EPSS
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local...
4.8CVSS
5.1AI Score
0.001EPSS