Lenovo

Xclarity Controller

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-38510

  • EPSS 0.37%
  • Published 26.07.2024 20:15:04
  • Last modified 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

7.2

CVE-2024-38511

  • EPSS 0.35%
  • Published 26.07.2024 20:15:04
  • Last modified 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

7.2

CVE-2024-38512

  • EPSS 0.37%
  • Published 26.07.2024 20:15:04
  • Last modified 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

7.2

CVE-2024-38508

  • EPSS 0.37%
  • Published 26.07.2024 20:15:03
  • Last modified 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

7.2

CVE-2024-38509

  • EPSS 0.29%
  • Published 26.07.2024 20:15:03
  • Last modified 21.11.2024 09:26:07

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

5.3

CVE-2021-3956

  • EPSS 0.18%
  • Published 18.05.2022 16:15:08
  • Last modified 21.11.2024 06:23:13

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unau...

4.9

CVE-2021-3473

  • EPSS 0.1%
  • Published 13.04.2021 21:15:25
  • Last modified 21.11.2024 06:21:37

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/re...

4.8

CVE-2019-6195

  • EPSS 0.14%
  • Published 14.02.2020 17:15:13
  • Last modified 21.11.2024 04:46:09

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if ...

6.5

CVE-2019-6187

  • EPSS 0.51%
  • Published 20.11.2019 02:15:10
  • Last modified 21.11.2024 04:46:07

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in...