Denial of Service Vulnerability in Lenovo XCC Web Interface
CVE-2023-25492

6.3MEDIUM

Key Information:

Vendor

Lenovo
Status
Xclarity Controller
Vendor
CVE Published:
1 May 2023

What is CVE-2023-25492?

A format string injection vulnerability exists in the Lenovo XCC web user interface, allowing a valid authenticated user to potentially trigger a denial of service condition or cause other undefined behaviors through improper handling of API inputs. This flaw underscores the importance of secure coding practices to prevent misuse and ensure integrity in web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XClarity Controller See product security advisory below

References

https://support.lenovo.com/us/en/product_security/LEN-99936

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.