Xclarity Administrator Security Vulnerabilities and Issues — Xclarity Administrator CVE List

Lucene search

LenovoXclarity Administrator

5 matches found

CVE•added 2017/09/22 2:29 p.m.•43 views

CVE-2017-3770

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

8.8CVSS8.8AI score0.00461EPSS

CVE•added 2019/05/03 8:29 p.m.•43 views

CVE-2019-6158

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

8.7CVSS5.8AI score0.00318EPSS

CVE•added 2023/06/26 8:15 p.m.•37 views

CVE-2023-3113

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.

8.2CVSS7.6AI score0.00105EPSS

CVE•added 2018/07/30 4:29 p.m.•33 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.

8.8CVSS8.5AI score0.00336EPSS

CVE•added 2023/06/26 8:15 p.m.•29 views

CVE-2023-34418

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

8.1CVSS8.2AI score0.00229EPSS