Lenovo

Xclarity Controller

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-38510

  • EPSS 0.37%
  • Veröffentlicht 26.07.2024 20:15:04
  • Zuletzt bearbeitet 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

7.2

CVE-2024-38511

  • EPSS 0.35%
  • Veröffentlicht 26.07.2024 20:15:04
  • Zuletzt bearbeitet 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

7.2

CVE-2024-38512

  • EPSS 0.37%
  • Veröffentlicht 26.07.2024 20:15:04
  • Zuletzt bearbeitet 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

7.2

CVE-2024-38508

  • EPSS 0.37%
  • Veröffentlicht 26.07.2024 20:15:03
  • Zuletzt bearbeitet 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

7.2

CVE-2024-38509

  • EPSS 0.29%
  • Veröffentlicht 26.07.2024 20:15:03
  • Zuletzt bearbeitet 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

5.3

CVE-2021-3956

  • EPSS 0.18%
  • Veröffentlicht 18.05.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:23:13

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unau...

4.9

CVE-2021-3473

  • EPSS 0.1%
  • Veröffentlicht 13.04.2021 21:15:25
  • Zuletzt bearbeitet 21.11.2024 06:21:37

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/re...

4.8

CVE-2019-6195

  • EPSS 0.14%
  • Veröffentlicht 14.02.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:46:09

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if ...

6.5

CVE-2019-6187

  • EPSS 0.51%
  • Veröffentlicht 20.11.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 04:46:07

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in...