Denial of Service Vulnerability in Lenovo XCC Web Interface
CVE-2023-25492

6.3MEDIUM

Key Information:

Vendor: Lenovo
Status: Xclarity Controller
Vendor: CVE Published:; 1 May 2023

What is CVE-2023-25492?

A format string injection vulnerability exists in the Lenovo XCC web user interface, allowing a valid authenticated user to potentially trigger a denial of service condition or cause other undefined behaviors through improper handling of API inputs. This flaw underscores the importance of secure coding practices to prevent misuse and ensure integrity in web applications.

Affected Version(s)

XClarity Controller See product security advisory below

References

https://support.lenovo.com/us/en/product_security/LEN-99936

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2023
Vulnerability Reserved
Feb 6, 2023