SQL Injection Vulnerability in Lenovo's LXCA Management System
CVE-2023-34418

8.1HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator
Vendor: CVE Published:; 26 June 2023

What is CVE-2023-34418?

A valid, authenticated user of Lenovo's XClarity Administrator (LXCA) may exploit a SQL injection vulnerability in a specific web API. This flaw could allow unauthorized access to sensitive events and data stored within LXCA, potentially leading to significant data breaches and unauthorized manipulations of the system. It is crucial for users to be aware of this vulnerability and to apply recommended security updates to mitigate any risks associated with this issue.

Affected Version(s)

Lenovo XClarity Administrator Versions prior to 4.0

References

https://support.lenovo.com/us/en/product_security/LEN-98715

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
Jun 5, 2023