877 matches found
Lenovo XClarity Administrator Command Injection Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A command injection vulnerability exists in Lenovo XClarity Administrator, which...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
Input validation
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...
Sql injection
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
Input validation
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
Command injection
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34422
CVE-2023-34422 affects Lenovo XClarity Administrator (LXCA). The vulnerability arises from insufficient input validation in a web API, allowing a valid, authenticated LXCA user with elevated privileges to delete folders in the LXCA filesystem via a crafted request. The CVE’s impact is described a...
CVE-2023-34421
CVE-2023-34421 affects Lenovo XClarity Administrator (LXCA). An authenticated LXCA user with elevated privileges can potentially replace filesystem data via a specially crafted web API call due to insufficient input validation. CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (base score 6.5). Explo...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34420
CVE-2023-34420 affects Lenovo XClarity Administrator (LXCA). A valid, authenticated LXCA user with elevated privileges may execute command injections via crafted calls to a specific web API. The vulnerability is confirmed in multiple feeds (NVD, Red Hat, CNVD, etc.). The available documents do no...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...
Lenovo XClarity Administrator SQL注入漏洞
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator that stems from an SQL injecti...