cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4606,https://securityvulnerability.io/vulnerability/CVE-2023-4606,Authenticated Password Manipulation in ThinkSystem Servers by Lenovo,"An authentication vulnerability exists in Lenovo ThinkSystem servers, where an authenticated XCC user with Read-Only permissions can exploit a crafted API command to change another user's password. This issue affects ThinkSystem v2 and v3 servers equipped with XCC, while ThinkSystem v1 servers remain unaffected. Users are advised to implement necessary security measures to mitigate risks associated with unauthorized password changes.",Lenovo,Lenovo Xclarity Controller (xcc),8.1,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-4607,https://securityvulnerability.io/vulnerability/CVE-2023-4607,Permission Modification Vulnerability in Lenovo's XCC Platform,"A vulnerability exists within Lenovo's XCC platform that allows an authenticated user with XCC privileges to manipulate the permissions of other users. This is achieved through the execution of a specially crafted API command, potentially giving unauthorized users access to restricted functionalities or sensitive data.",Lenovo,Lenovo XClarity Controller (XCC),8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-4608,https://securityvulnerability.io/vulnerability/CVE-2023-4608,SQL Injection Vulnerability in ThinkSystem Servers by Lenovo,"A blind SQL injection vulnerability exists in Lenovo ThinkSystem servers, affecting versions v2 and v3. This security flaw allows an authenticated XCC user with elevated privileges to execute a crafted API command resulting in unauthorized database access. It is crucial to mitigate this risk to protect sensitive data from potential exploitation.",Lenovo,Lenovo Xclarity Controller (xcc),4.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2019-6187,https://securityvulnerability.io/vulnerability/CVE-2019-6187,Stored CSV Injection Vulnerability in Lenovo XClarity Controller,"A vulnerability exists in Lenovo XClarity Controller that allows administrative users to store malformed data in specific server informational fields. This could lead to crafted formulas being included in exported CSV files. While the crafted formulas do not affect the XCC server directly, they can compromise the integrity of data when accessed through other applications. Users should be aware of potential security risks and take appropriate measures to validate and sanitize data inputs.",Lenovo,Lenovo Xclarity Controller (xcc),6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2019-11-19T00:00:00.000Z,0