Unauthenticated XML External Entity Injection in Lenovo's CIM Server
CVE-2023-3113

8.2HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator
Vendor: CVE Published:; 26 June 2023

What is CVE-2023-3113?

An unauthenticated XML External Entity Injection vulnerability has been identified in Lenovo's Common Information Model (CIM) server. This issue allows attackers to exploit the server in order to gain read-only access to sensitive files, potentially exposing critical data. The vulnerability arises from improper validation of XML input, which could be manipulated to disclose confidential information. Managing this risk requires prompt patching and adherence to security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Lenovo XClarity Administrator Versions prior to 4.0

References

https://support.lenovo.com/us/en/product_security/LEN-98715

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
Jun 5, 2023

JSON

Lenovo