An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
8.2CVSS
7.6AI Score
0.001EPSS
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
8.1CVSS
8.2AI Score
0.001EPSS
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
7.2CVSS
7AI Score
0.001EPSS
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
6.5CVSS
6.3AI Score
0.001EPSS
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
6.5CVSS
6.2AI Score
0.001EPSS