134 matches found
Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System
Summary Multiple Vulnerabilities in XClarity Controller XCC affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2024-38510 DESCRIPTION: Lenovo XClarity Controller XCC could allow a remote...
CVE-2024-8281
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...
CVE-2024-8280
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...
CVE-2024-8278
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-8059
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-45101
The CVE-2024-45101 issue affects Lenovo XClarity Administrator (LXCA) where enabling Single Sign-On (SSO) can lead to privilege escalation by intercepting a valid authenticated user’s XCC session. The vulnerability arises when a user is tricked into clicking a specially crafted URL, enabling an a...
CVE-2024-8281
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...
CVE-2024-8281
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...
CVE-2024-8281
Lenovo XCC (XClarity Controller) contains an input validation weakness that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted command line input in the XCC SSH captive shell. This CVE (CVE-2024-8281) is documented across multip...
CVE-2024-8280
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...
CVE-2024-8280
CVE-2024-8280 describes an input validation weakness in Lenovo’s XClarity Controller (XCC) that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service by processing a specially crafted file. The vulnerability is t...
CVE-2024-8280
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file...
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-8279
CVE-2024-8279 describes a privilege-escalation flaw in Lenovo’s XClarity Controller (XCC) where a remotely authenticated user with elevated privileges can perform a command injection via specially crafted file uploads . The NVD/NVD-derived description aligns with multiple vendors (Red Hat, IBM Cl...
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-8278
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-8278
CVE-2024-8278 (XCC) affects Lenovo XClarity Controller (XCC) embedded in IBM Cloud Pak System SR630 OEMSR630. A remote, authenticated attacker with elevated privileges can perform command injection via specially crafted IPMI commands due to an input-validation weakness. Base CVSS v3.1: 7.2 (HIGH)...
CVE-2024-8278
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-8059
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...