Lenovo xclarity administrator

This hub aggregates every CVE we track for Lenovo xclarity administrator, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Lenovo xclarity administrator.

• CVE-2023-34422A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.6.5Jun 26, 2023
• CVE-2023-34421A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.6.5Jun 26, 2023
• CVE-2023-34420A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.7.2Jun 26, 2023
• CVE-2023-34418A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.8.1Jun 26, 2023
• CVE-2023-3113An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.8.2Jun 26, 2023
• CVE-2019-6158An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy creden...8.7May 3, 2019
• CVE-2018-9066In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can resul...8.8Jul 30, 2018
• CVE-2018-9064In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.8.8Jul 30, 2018
• CVE-2018-9065In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service...7.5Jul 30, 2018