5.9

CVE-2023-29056

EPSS 0.15%
Published 28.04.2023 22:15:09
Last modified 21.11.2024 07:56:27
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Thinkagile Hx5530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx5530 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Vx3331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3331 Version-

Lenovo ≫ Thinkagile Hx Enclosure Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx Enclosure Version-

Lenovo ≫ Thinkagile Hx1021 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx1021 Version-

Lenovo ≫ Thinkagile Hx1320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1320 Version-

Lenovo ≫ Thinkagile Hx1321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1321 Version-

Lenovo ≫ Thinkagile Hx1331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx1331 Version-

Lenovo ≫ Thinkagile Hx1520-r Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1520-r Version-

Lenovo ≫ Thinkagile Hx1521-r Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1521-r Version-

Lenovo ≫ Thinkagile Hx2320-e Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx2320-e Version-

Lenovo ≫ Thinkagile Hx2321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx2321 Version-

Lenovo ≫ Thinkagile Hx2330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx2330 Version-

Lenovo ≫ Thinkagile Hx2330 Firmware Version2.93_afbt30p

Lenovo ≫ Thinkagile Hx2330 Version-

Lenovo ≫ Thinkagile Hx2331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx2331 Version-

Lenovo ≫ Thinkagile Hx2720-e Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx2720-e Version-

Lenovo ≫ Thinkagile Hx3320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3320 Version-

Lenovo ≫ Thinkagile Hx3321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3321 Version-

Lenovo ≫ Thinkagile Hx3330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx3330 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3375 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinkagile Hx3375 Version-

Lenovo ≫ Thinkagile Hx3376 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3376 Version-

Lenovo ≫ Thinkagile Hx3520-g Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3520-g Version-

Lenovo ≫ Thinkagile Hx3521-g Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx3521-g Version-

Lenovo ≫ Thinkagile Hx3720 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx3720 Version-

Lenovo ≫ Thinkagile Hx3721 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3721 Version-

Lenovo ≫ Thinkagile Hx5520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5520 Version-

Lenovo ≫ Thinkagile Hx5520-c Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5520-c Version-

Lenovo ≫ Thinkagile Hx5521 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5521 Version-

Lenovo ≫ Thinkagile Hx5521-c Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx5521-c Version-

Lenovo ≫ Thinkagile Hx5531 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5531 Version-

Lenovo ≫ Thinkagile Hx7520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx7520 Version-

Lenovo ≫ Thinkagile Hx7521 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7521 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Hx7820 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Hx7820 Version-

Lenovo ≫ Thinkagile Hx7821 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx7821 Version-

Lenovo ≫ Thinkagile Mx1020 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx1020 Version-

Lenovo ≫ Thinkagile Mx3330-f Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3330-f Version-

Lenovo ≫ Thinkagile Mx3330-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3330-h Version-

Lenovo ≫ Thinkagile Mx3331-f Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3331-f Version-

Lenovo ≫ Thinkagile Mx3331-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3331-h Version-

Lenovo ≫ Thinkagile Mx3530 F Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3530 F Version-

Lenovo ≫ Thinkagile Mx3530-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3530-h Version-

Lenovo ≫ Thinkagile Mx3531 H Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3531 H Version-

Lenovo ≫ Thinkagile Mx3531-f Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Mx3531-f Version-

Lenovo ≫ Thinkagile Mx1021 On Se350 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Mx1021 On Se350 Version-

Lenovo ≫ Thinkagile Vx 1se Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx 1se Version-

Lenovo ≫ Thinkagile Vx 2u4n Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx 2u4n Version-

Lenovo ≫ Thinkagile Vx 4u Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Vx 4u Version-

Lenovo ≫ Thinkagile Vx1320 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx1320 Version-

Lenovo ≫ Thinkagile Vx2320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx2320 Version-

Lenovo ≫ Thinkagile Vx2330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx2330 Version-

Lenovo ≫ Thinkagile Vx3320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx3320 Version-

Lenovo ≫ Thinkagile Vx3330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3330 Version-

Lenovo ≫ Thinkagile Vx3520-g Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx3520-g Version-

Lenovo ≫ Thinkagile Vx3530-g Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3530-g Version-

Lenovo ≫ Thinkagile Vx3720 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx3720 Version-

Lenovo ≫ Thinkagile Vx5520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx5520 Version-

Lenovo ≫ Thinkagile Vx5530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx5530 Version-

Lenovo ≫ Thinkagile Vx7320 N Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7320 N Version-

Lenovo ≫ Thinkagile Vx7330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7330 Version-

Lenovo ≫ Thinkagile Vx7520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7520 Version-

Lenovo ≫ Thinkagile Vx7520 N Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7520 N Version-

Lenovo ≫ Thinkagile Vx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7530 Version-

Lenovo ≫ Thinkagile Vx7531 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7531 Version-

Lenovo ≫ Thinkagile Vx7820 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Vx7820 Version-

Lenovo ≫ Thinkedge Se450 Firmware Version < 1.60_usx324o

Lenovo ≫ Thinkedge Se450 Version-

Lenovo ≫ Thinkstation P920 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkstation P920 Version-

Lenovo ≫ Thinksystem Sd530 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sd530 Version-

Lenovo ≫ Thinksystem Sd630 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd630 V2 Version-

Lenovo ≫ Thinksystem Sd650 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sd650 Version-

Lenovo ≫ Thinksystem Sd650 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd650 V2 Version-

Lenovo ≫ Thinksystem Sd650-n V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd650-n V2 Version-

Lenovo ≫ Thinksystem Se350 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Se350 Version-

Lenovo ≫ Thinksystem Sn550 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sn550 Version-

Lenovo ≫ Thinksystem Sn550 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sn550 V2 Version-

Lenovo ≫ Thinksystem Sn850 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sn850 Version-

Lenovo ≫ Thinksystem Sr150 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr150 Version-

Lenovo ≫ Thinksystem Sr158 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr158 Version-

Lenovo ≫ Thinksystem Sr250 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr250 Version-

Lenovo ≫ Thinksystem Sr250 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr250 V2 Version-

Lenovo ≫ Thinksystem Sr258 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr258 Version-

Lenovo ≫ Thinksystem Sr258 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr258 V2 Version-

Lenovo ≫ Thinksystem Sr530 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr530 Version-

Lenovo ≫ Thinksystem Sr550 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr550 Version-

Lenovo ≫ Thinksystem Sr570 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr570 Version-

Lenovo ≫ Thinksystem Sr590 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr590 Version-

Lenovo ≫ Thinksystem Sr630 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr630 Version-

Lenovo ≫ Thinksystem Sr630 V2 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinksystem Sr630 V2 Version-

Lenovo ≫ Thinksystem Sr645 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr645 Version-

Lenovo ≫ Thinksystem Sr645 V3 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr645 V3 Version-

Lenovo ≫ Thinksystem Sr650 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr650 Version-

Lenovo ≫ Thinksystem Sr650 V2 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinksystem Sr650 V2 Version-

Lenovo ≫ Thinksystem Sr665 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr665 Version-

Lenovo ≫ Thinksystem Sr665 V3 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr665 V3 Version-

Lenovo ≫ Thinksystem Sr670 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr670 Version-

Lenovo ≫ Thinksystem Sr670 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr670 V2 Version-

Lenovo ≫ Thinksystem Sr850 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr850 Version-

Lenovo ≫ Thinksystem Sr850 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr850 V2 Version-

Lenovo ≫ Thinksystem Sr850p Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr850p Version-

Lenovo ≫ Thinksystem Sr860 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr860 Version-

Lenovo ≫ Thinksystem Sr860 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr860 V2 Version-

Lenovo ≫ Thinksystem Sr950 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinksystem Sr950 Version-

Lenovo ≫ Thinksystem St250 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem St250 Version-

Lenovo ≫ Thinksystem St250 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St250 V2 Version-

Lenovo ≫ Thinksystem St258 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem St258 Version-

Lenovo ≫ Thinksystem St258 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St258 V2 Version-

Lenovo ≫ Thinksystem St550 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem St550 Version-

Lenovo ≫ Thinksystem St650 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St650 V2 Version-

Lenovo ≫ Thinksystem St658 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St658 V2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.368

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@lenovo.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://support.lenovo.com/us/en/product_security/LEN-118321

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29056

EUVD