Input Validation Flaw in Lenovo's Solution for Enhanced Management
CVE-2023-34422

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator
Vendor: CVE Published:; 26 June 2023

Summary

A valid user of Lenovo's XClarity Administrator (LXCA) with elevated privileges may exploit insufficient input validation to delete folders in the LXCA filesystem. This is achieved through a specifically crafted web API call, creating potential risks for data integrity and system stability.

Affected Version(s)

Lenovo XClarity Administrator Versions prior to 4.0

References

https://support.lenovo.com/us/en/product_security/LEN-98715

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
Jun 5, 2023