LXCA
by Lenovo
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45102 | Lenovo / LXCA | Med | 0.44 | 6.8 | 0.00 | | Jan 14, 2025 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. |
| CVE-2023-34422 | Lenovo / LXCA | | 0.00 | — | 0.00 | | Jun 26, 2023 | A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. |
| CVE-2023-34418 | Lenovo / LXCA | | 0.00 | — | 0.01 | | Jun 26, 2023 | A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. |
| CVE-2023-3113 | Lenovo / LXCA | | 0.00 | — | 0.01 | | Jun 26, 2023 | An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. |