VYPR

LXCA

by Lenovo

CVEs (4)

  • CVE-2024-45102MedJan 14, 2025
    risk 0.44cvss 6.8epss 0.00

    A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.

  • CVE-2023-34422Jun 26, 2023
    risk 0.00cvss epss 0.00

    A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

  • CVE-2023-34418Jun 26, 2023
    risk 0.00cvss epss 0.01

    A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

  • CVE-2023-3113Jun 26, 2023
    risk 0.00cvss epss 0.01

    An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.