A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
lenovo xclarity administrator