Privilege Escalation Vulnerability in LXCA with SSO Enabled

CVE-2024-45101
6.8MEDIUM

Key Information

Vendor
Lenovo
Status
Xclarity Administrator
Vendor
CVE Published:
13 September 2024

Summary

A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.

Affected Version(s)

XClarity Administrator < 4.1

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.