Xclarity administrator
This hub aggregates every CVE we track for Xclarity administrator, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 30
- Critical: 2
- High: 13
- In CISA KEV: 0
Severity distribution
MEDIUM: 15, HIGH: 13, CRITICAL: 2
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Xclarity administrator.
- CVE-2024-45102 (score 6.8): A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On ...
- CVE-2024-45104 (score 6.3): A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
- CVE-2024-45103 (score 4.3): A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
- CVE-2024-45101 (score 6.8): A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convi...
- CVE-2023-4605 (score 6.5): A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.
- CVE-2023-34422 (score 6.5): A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
- CVE-2023-34421 (score 6.5): A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
- CVE-2023-34420 (score 7.2): A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
- CVE-2023-34418 (score 8.1): A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
- CVE-2023-3113 (score 8.2): An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
- CVE-2020-8355 (score 4.9): An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of manage...
- CVE-2019-19756 (score 7.9): An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear...
- CVE-2019-6194 (score 5.7): An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
- CVE-2019-6193 (score 7.5): An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may co...
- CVE-2019-19757 (score 5.4): An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could al...
Product normalization is registry-driven with AI assist and human review.