High severity7.3NVD Advisory· Published Apr 28, 2023· Updated Jun 17, 2026
CVE-2023-29057
CVE-2023-29057
Description
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
Affected products
2- Range: Refer to Mitigation strategy section in LEN-118321
Patches
Vulnerability mechanics
References
1- support.lenovo.com/us/en/product_security/LEN-118321nvdVendor Advisory
News mentions
0No linked articles in our index yet.