cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-34418,https://securityvulnerability.io/vulnerability/CVE-2023-34418,SQL Injection Vulnerability in Lenovo's LXCA Management System,"A valid, authenticated user of Lenovo's XClarity Administrator (LXCA) may exploit a SQL injection vulnerability in a specific web API. This flaw could allow unauthorized access to sensitive events and data stored within LXCA, potentially leading to significant data breaches and unauthorized manipulations of the system. It is crucial for users to be aware of this vulnerability and to apply recommended security updates to mitigate any risks associated with this issue.",Lenovo,Lenovo Xclarity Administrator,8.1,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34420,https://securityvulnerability.io/vulnerability/CVE-2023-34420,Command Injection Vulnerability in Lenovo XClarity Administrator Web API,"A command injection vulnerability exists in the Lenovo XClarity Administrator web API, which can be exploited by an authenticated user with elevated privileges. This vulnerability allows attackers to execute arbitrary commands through specially crafted API calls, potentially compromising the integrity and security of the system. Organizations using Lenovo XClarity Administrator should review their security configurations and apply necessary mitigations to prevent exploitation. For more information, visit the Lenovo support page.",Lenovo,Lenovo Xclarity Administrator,7.2,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34421,https://securityvulnerability.io/vulnerability/CVE-2023-34421,Insufficient Input Validation in Lenovo LXCA Affects Data Integrity,"An authenticated user with elevated privileges in Lenovo's LXCA can exploit a security flaw allowing them to execute a specifically crafted web API call, leading to unintended modifications of filesystem data. This vulnerability stems from inadequate validation of input, potentially compromising the integrity of the system.",Lenovo,Lenovo Xclarity Administrator,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-3113,https://securityvulnerability.io/vulnerability/CVE-2023-3113,Unauthenticated XML External Entity Injection in Lenovo's CIM Server,"An unauthenticated XML External Entity Injection vulnerability has been identified in Lenovo's Common Information Model (CIM) server. This issue allows attackers to exploit the server in order to gain read-only access to sensitive files, potentially exposing critical data. The vulnerability arises from improper validation of XML input, which could be manipulated to disclose confidential information. Managing this risk requires prompt patching and adherence to security best practices.",Lenovo,Lenovo Xclarity Administrator,8.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34422,https://securityvulnerability.io/vulnerability/CVE-2023-34422,Input Validation Flaw in Lenovo's Solution for Enhanced Management,"A valid user of Lenovo's XClarity Administrator (LXCA) with elevated privileges may exploit insufficient input validation to delete folders in the LXCA filesystem. This is achieved through a specifically crafted web API call, creating potential risks for data integrity and system stability.",Lenovo,Lenovo Xclarity Administrator,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2019-6158,https://securityvulnerability.io/vulnerability/CVE-2019-6158,Sensitive Credential Exposure in Lenovo XClarity Administrator,"An internal security audit of Lenovo XClarity Administrator (LXCA) revealed that HTTP proxy credentials can be stored in clear text within log files, exposing sensitive information when configured. This vulnerability affects LXCA versions from 2.0.0 through 2.3.x, potentially allowing unauthorized access to these credentials if proper security measures are not in place.",Lenovo,Lenovo Xclarity Administrator,8.7,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2019-05-02T00:00:00.000Z,0
CVE-2018-9064,https://securityvulnerability.io/vulnerability/CVE-2018-9064,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.",Lenovo,Lenovo Xclarity Administrator,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2018-9065,https://securityvulnerability.io/vulnerability/CVE-2018-9065,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.",Lenovo,Lenovo Xclarity Administrator,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2018-9066,https://securityvulnerability.io/vulnerability/CVE-2018-9066,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.",Lenovo,Lenovo Xclarity Administrator,8.8,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2017-3770,https://securityvulnerability.io/vulnerability/CVE-2017-3770,,Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.,Lenovo,Lenovo Xclarity Administrator (lxca),8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2017-09-22T14:29:00.000Z,0
CVE-2017-3763,https://securityvulnerability.io/vulnerability/CVE-2017-3763,,An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.,Lenovo,Lenovo Xclarity Administrator (lxca),6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-09-22T14:29:00.000Z,0