Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo xclarity administrator vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-6179
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior...
Lenovo Xclarity Administrator
Lenovo Xclarity Integrator
7.5
CVSSv3
CVE-2023-3113
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
Lenovo Xclarity Administrator
7.8
CVSSv3
CVE-2017-3745
In Lenovo XClarity Administrator (LXCA) prior to 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accoun...
Lenovo Xclarity Administrator
7.5
CVSSv3
CVE-2018-9065
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA ins...
Lenovo Xclarity Administrator
8.8
CVSSv3
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
Lenovo Xclarity Administrator
6.7
CVSSv3
CVE-2017-3763
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
Lenovo Xclarity Administrator
5.4
CVSSv3
CVE-2019-19757
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions before 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially craf...
Lenovo Xclarity Administrator
8.1
CVSSv3
CVE-2023-34418
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
Lenovo Xclarity Administrator
7.2
CVSSv3
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
Lenovo Xclarity Administrator
6.5
CVSSv3
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
Lenovo Xclarity Administrator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »