Lenovo xclarity controller (xcc)
This hub aggregates every CVE we track for Lenovo xclarity controller (xcc), a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 4
- Critical: 0
- High: 2
- In CISA KEV: 0
Severity distribution
- HIGH: 2
- MEDIUM: 2
Monthly trend (2024-07 to 2026-06): 0 in every month.
Latest CVEs
The 4 most recently published vulnerabilities affecting Lenovo xclarity controller (xcc).
- CVE-2023-4608 (score 4.1): An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSyste...
- CVE-2023-4607 (score 7.5): An authenticated XCC user can change permissions for any user through a crafted API command.
- CVE-2023-4606 (score 8.1): An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 ...
- CVE-2019-6187 (score 6.5): A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain ...
Product normalization is registry-driven with AI assist and human review.