Lucene search
+L

134 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/28 6:4 p.m.13 views

Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System

Summary Multiple Vulnerabilities in XClarity Controller XCC affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2024-38510 DESCRIPTION: Lenovo XClarity Controller XCC could allow a remote...

7.2CVSS7.4AI score0.01071EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/09/13 6:15 p.m.21 views

CVE-2024-8281

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...

7.2CVSS0.01032EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 6:15 p.m.26 views

CVE-2024-8280

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...

7.2CVSS0.01032EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 6:15 p.m.24 views

CVE-2024-8278

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS0.01099EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 6:15 p.m.26 views

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...

4.3CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 6:15 p.m.18 views

CVE-2024-8279

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS0.01099EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.50 views

CVE-2024-45101

The CVE-2024-45101 issue affects Lenovo XClarity Administrator (LXCA) where enabling Single Sign-On (SSO) can lead to privilege escalation by intercepting a valid authenticated user’s XCC session. The vulnerability arises when a user is tricked into clicking a specially crafted URL, enabling an a...

6.8CVSS6.9AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 5:27 p.m.11 views

CVE-2024-8281

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...

7.2CVSS7.2AI score0.01032EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/13 5:27 p.m.24 views

CVE-2024-8281

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...

7.2CVSS0.01032EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.50 views

CVE-2024-8281

Lenovo XCC (XClarity Controller) contains an input validation weakness that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted command line input in the XCC SSH captive shell. This CVE (CVE-2024-8281) is documented across multip...

7.2CVSS7.4AI score0.01032EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/13 5:27 p.m.23 views

CVE-2024-8280

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...

7.2CVSS0.01032EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.61 views

CVE-2024-8280

CVE-2024-8280 describes an input validation weakness in Lenovo’s XClarity Controller (XCC) that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service by processing a specially crafted file. The vulnerability is t...

7.2CVSS7.4AI score0.01032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 5:27 p.m.10 views

CVE-2024-8280

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...

7.2CVSS7.2AI score0.01032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 5:27 p.m.7 views

CVE-2024-8279

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS7.5AI score0.01099EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.57 views

CVE-2024-8279

CVE-2024-8279 describes a privilege-escalation flaw in Lenovo’s XClarity Controller (XCC) where a remotely authenticated user with elevated privileges can perform a command injection via specially crafted file uploads . The NVD/NVD-derived description aligns with multiple vendors (Red Hat, IBM Cl...

7.2CVSS7.6AI score0.01099EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/13 5:27 p.m.27 views

CVE-2024-8279

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS0.01099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 5:27 p.m.12 views

CVE-2024-8278

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS7.5AI score0.01099EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.48 views

CVE-2024-8278

CVE-2024-8278 (XCC) affects Lenovo XClarity Controller (XCC) embedded in IBM Cloud Pak System SR630 OEMSR630. A remote, authenticated attacker with elevated privileges can perform command injection via specially crafted IPMI commands due to an input-validation weakness. Base CVSS v3.1: 7.2 (HIGH)...

7.2CVSS7.6AI score0.01099EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/13 5:27 p.m.33 views

CVE-2024-8278

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS0.01099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/13 5:27 p.m.21 views

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...

4.3CVSS6.9AI score0.00195EPSS
Exploits0References1
Rows per page
Query Builder