874 matches found
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
Sql injection
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
Input validation
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...
Input validation
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
Command injection
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34422
CVE-2023-34422 affects Lenovo XClarity Administrator (LXCA). The vulnerability arises from insufficient input validation in a web API, allowing a valid, authenticated LXCA user with elevated privileges to delete folders in the LXCA filesystem via a crafted request. The CVE’s impact is described a...
CVE-2023-34421
CVE-2023-34421 affects Lenovo XClarity Administrator (LXCA). An authenticated LXCA user with elevated privileges can potentially replace filesystem data via a specially crafted web API call due to insufficient input validation. CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (base score 6.5). Explo...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34420
CVE-2023-34420 affects Lenovo XClarity Administrator (LXCA). A valid, authenticated LXCA user with elevated privileges may execute command injections via crafted calls to a specific web API. The vulnerability is confirmed in multiple feeds (NVD, Red Hat, CNVD, etc.). The available documents do no...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
PT-2023-24869 · Lenovo · Lxca
Name of the Vulnerable Software and Affected Versions: LXCA affected versions not specified Description: A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...
Lenovo XClarity Administrator SQL注入漏洞
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator that stems from an SQL injecti...
CVE-2023-35809
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...