Insufficient Input Validation in Lenovo LXCA Affects Data Integrity
CVE-2023-34421

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator
Vendor: CVE Published:; 26 June 2023

What is CVE-2023-34421?

An authenticated user with elevated privileges in Lenovo's LXCA can exploit a security flaw allowing them to execute a specifically crafted web API call, leading to unintended modifications of filesystem data. This vulnerability stems from inadequate validation of input, potentially compromising the integrity of the system.

Affected Version(s)

Lenovo XClarity Administrator Versions prior to 4.0

References

https://support.lenovo.com/us/en/product_security/LEN-98715

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
Jun 5, 2023