cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45102,https://securityvulnerability.io/vulnerability/CVE-2024-45102,Privilege Escalation in Lenovo XClarity Administrator for SSO Integration,"A privilege escalation vulnerability allows validated LXCA users to unintentionally elevate their permissions within connected XCC instances while using LXCA as a Single Sign-On (SSO) provider. This flaw could enable unauthorized access to sensitive features, potentially compromising the security posture of the affected systems.",Lenovo,Xclarity Administrator,6.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-14T22:15:00.000Z,0
CVE-2024-45104,https://securityvulnerability.io/vulnerability/CVE-2024-45104,LXCA Managed Device Vulnerability,"A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.",Lenovo,Xclarity Administrator,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-13T17:28:55.910Z,0
CVE-2024-45103,https://securityvulnerability.io/vulnerability/CVE-2024-45103,Unmanaging LXCA Managed Devices through Web Interface,"A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.",Lenovo,Xclarity Administrator,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-13T17:28:26.004Z,0
CVE-2024-45101,https://securityvulnerability.io/vulnerability/CVE-2024-45101,Privilege Escalation Vulnerability in LXCA with SSO Enabled,"A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.",Lenovo,Xclarity Administrator,6.8,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-13T17:27:56.092Z,0
CVE-2023-4605,https://securityvulnerability.io/vulnerability/CVE-2023-4605,Unauthenticated API Endpoint Vulnerability in Lenovo XClarity Administrator,"A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.",Lenovo,Xclarity Administrator,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-05T21:15:00.000Z,0
CVE-2023-34420,https://securityvulnerability.io/vulnerability/CVE-2023-34420,Command Injection Vulnerability in Lenovo XClarity Administrator Web API,"A command injection vulnerability exists in the Lenovo XClarity Administrator web API, which can be exploited by an authenticated user with elevated privileges. This vulnerability allows attackers to execute arbitrary commands through specially crafted API calls, potentially compromising the integrity and security of the system. Organizations using Lenovo XClarity Administrator should review their security configurations and apply necessary mitigations to prevent exploitation. For more information, visit the Lenovo support page.",Lenovo,Lenovo Xclarity Administrator,7.2,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-3113,https://securityvulnerability.io/vulnerability/CVE-2023-3113,Unauthenticated XML External Entity Injection in Lenovo's CIM Server,"An unauthenticated XML External Entity Injection vulnerability has been identified in Lenovo's Common Information Model (CIM) server. This issue allows attackers to exploit the server in order to gain read-only access to sensitive files, potentially exposing critical data. The vulnerability arises from improper validation of XML input, which could be manipulated to disclose confidential information. Managing this risk requires prompt patching and adherence to security best practices.",Lenovo,Lenovo Xclarity Administrator,8.2,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34422,https://securityvulnerability.io/vulnerability/CVE-2023-34422,Input Validation Flaw in Lenovo's Solution for Enhanced Management,"A valid user of Lenovo's XClarity Administrator (LXCA) with elevated privileges may exploit insufficient input validation to delete folders in the LXCA filesystem. This is achieved through a specifically crafted web API call, creating potential risks for data integrity and system stability.",Lenovo,Lenovo Xclarity Administrator,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34421,https://securityvulnerability.io/vulnerability/CVE-2023-34421,Insufficient Input Validation in Lenovo LXCA Affects Data Integrity,"An authenticated user with elevated privileges in Lenovo's LXCA can exploit a security flaw allowing them to execute a specifically crafted web API call, leading to unintended modifications of filesystem data. This vulnerability stems from inadequate validation of input, potentially compromising the integrity of the system.",Lenovo,Lenovo Xclarity Administrator,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-34418,https://securityvulnerability.io/vulnerability/CVE-2023-34418,SQL Injection Vulnerability in Lenovo's LXCA Management System,"A valid, authenticated user of Lenovo's XClarity Administrator (LXCA) may exploit a SQL injection vulnerability in a specific web API. This flaw could allow unauthorized access to sensitive events and data stored within LXCA, potentially leading to significant data breaches and unauthorized manipulations of the system. It is crucial for users to be aware of this vulnerability and to apply recommended security updates to mitigate any risks associated with this issue.",Lenovo,Lenovo Xclarity Administrator,8.1,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2020-8355,https://securityvulnerability.io/vulnerability/CVE-2020-8355,Windows OS Credentials Exposure in Lenovo XClarity Administrator,"Lenovo XClarity Administrator prior to version 3.1.0 contains a vulnerability that results in the exposure of Windows OS credentials. During driver updates of managed systems, these credentials may be captured in the First Failure Data Capture (FFDC) service log. This log is generated at the request of a privileged user and is only accessible to that user. However, if generated while updates are occurring, sensitive data may be inadvertently saved and later accessed before deletion.",Lenovo,Xclarity Administrator,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-02-10T00:00:00.000Z,0
CVE-2019-19756,https://securityvulnerability.io/vulnerability/CVE-2019-19756,Clear Text Exposure in Lenovo XClarity Administrator's Log Files,"An internal audit revealed that Lenovo XClarity Administrator version 2.6.0 improperly logs Windows OS credentials in clear text during driver updates. This flaw allows authorized users with access to the First Failure Data Capture (FFDC) service logs to potentially view sensitive information. The exposure occurs specifically in the logs related to the update process, posing a risk of unauthorized access to critical system credentials.",Lenovo,Xclarity Administrator (lxca),7.9,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-13T00:00:00.000Z,0
CVE-2019-6194,https://securityvulnerability.io/vulnerability/CVE-2019-6194,XML External Entity Vulnerability in Lenovo XClarity Administrator,"An XML External Entity (XXE) processing vulnerability has been identified in Lenovo XClarity Administrator, versions earlier than 2.6.6. This vulnerability could potentially allow an attacker to exploit XML parsing in order to gain unauthorized access to sensitive information, posing a significant security risk to affected systems.",Lenovo,Xclarity Administrator (lxca),5.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-19757,https://securityvulnerability.io/vulnerability/CVE-2019-19757,Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A cross-site scripting vulnerability was identified in Lenovo XClarity Administrator (LXCA) due to improper handling of document object model (DOM) elements. This issue affects versions prior to 2.6.6, allowing attackers to execute malicious JavaScript code in the web browser of a user who clicks a specially crafted link. The code's execution occurs on the user's local system rather than the LXCA server, emphasizing the need for users to remain vigilant about the links they visit.",Lenovo,Xclarity Administrator (lxca),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-6193,https://securityvulnerability.io/vulnerability/CVE-2019-6193,Information Disclosure Vulnerability in Lenovo XClarity Administrator,"An information disclosure vulnerability in Lenovo XClarity Administrator versions prior to 2.6.6 allows unauthenticated users to access sensitive configuration files. These files may expose critical information, including usernames, license keys, IP addresses, and encrypted password hashes, potentially compromising system security and user privacy.",Lenovo,Xclarity Administrator (lxca),7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-02-14T00:00:00.000Z,0
CVE-2019-6179,https://securityvulnerability.io/vulnerability/CVE-2019-6179,XML External Entity Processing Vulnerability in Lenovo XClarity Products,"A vulnerability related to XML External Entity (XXE) processing was identified in Lenovo's XClarity Administrator and Integrator products. This vulnerability could allow attackers to exploit the way XML data is parsed, potentially leading to the disclosure of sensitive information. Affected products include Lenovo XClarity Administrator versions prior to 2.5.0, Lenovo XClarity Integrator for Microsoft System Center versions prior to 7.7.0, and Lenovo XClarity Integrator for VMware vCenter versions prior to 6.1.0. It is crucial for users to update their systems to mitigate the risk associated with this vulnerability.",Lenovo,"Xclarity Administrator (lxca),Xclarity Integrator (lxci) For Microsoft System Center,Xclarity Integrator (lxci) For Vmware Vcenter",5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6181,https://securityvulnerability.io/vulnerability/CVE-2019-6181,Reflected Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A reflected cross-site scripting vulnerability exists in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0. This flaw may allow an attacker to craft a malicious URL that, when accessed by a user, can execute arbitrary JavaScript code within the user's web browser. It is important to note that the JavaScript code is not executed on the LXCA system itself but can compromise the user's session or data.",Lenovo,Xclarity Administrator (lxca),6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6180,https://securityvulnerability.io/vulnerability/CVE-2019-6180,Stored Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator,"A stored cross-site scripting vulnerability exists in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, allowing an administrative user to inject malicious JavaScript code. This code is stored within LXCA and can be executed in the web browsers of other users accessing the application. It poses a risk as the scripted content could potentially compromise user actions and lead to unauthorized access.",Lenovo,Xclarity Administrator (lxca),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6182,https://securityvulnerability.io/vulnerability/CVE-2019-6182,Stored CSV Injection in Lenovo XClarity Administrator,"A stored CSV Injection vulnerability exists in Lenovo XClarity Administrator which affects versions prior to 2.5.0. This issue allows administrative users to inject malformed data into LXCA Jobs and Event Log data. Consequently, this may lead to the creation of crafted formulas that are stored within exported CSV files. It is important to note that these crafted formulas do not execute on the LXCA platform itself, posing a risk mainly upon exporting the data.",Lenovo,Xclarity Administrator (lxca),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-09-03T00:00:00.000Z,0
CVE-2019-6158,https://securityvulnerability.io/vulnerability/CVE-2019-6158,Sensitive Credential Exposure in Lenovo XClarity Administrator,"An internal security audit of Lenovo XClarity Administrator (LXCA) revealed that HTTP proxy credentials can be stored in clear text within log files, exposing sensitive information when configured. This vulnerability affects LXCA versions from 2.0.0 through 2.3.x, potentially allowing unauthorized access to these credentials if proper security measures are not in place.",Lenovo,Lenovo Xclarity Administrator,8.7,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2019-05-02T00:00:00.000Z,0
CVE-2018-9064,https://securityvulnerability.io/vulnerability/CVE-2018-9064,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.",Lenovo,Lenovo Xclarity Administrator,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2018-9065,https://securityvulnerability.io/vulnerability/CVE-2018-9065,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.",Lenovo,Lenovo Xclarity Administrator,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2018-9066,https://securityvulnerability.io/vulnerability/CVE-2018-9066,,"In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.",Lenovo,Lenovo Xclarity Administrator,8.8,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2018-07-30T16:29:00.000Z,0
CVE-2017-3764,https://securityvulnerability.io/vulnerability/CVE-2017-3764,,A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.,Lenovo,Xclarity Administrator,5.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2017-11-30T00:00:00.000Z,0
CVE-2017-3763,https://securityvulnerability.io/vulnerability/CVE-2017-3763,,An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.,Lenovo,Lenovo Xclarity Administrator (lxca),6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-09-22T14:29:00.000Z,0