Lenovo Xclarity Administrator
6 CVEs affecting Lenovo Xclarity Administrator. Latest disclosed: 2025-01-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-45102 | Medium | 6.8 | 2025-01-14 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instanc… |
CVE-2024-45101 | Medium | 6.8 | 2024-09-13 | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA… |
CVE-2023-4605 | Medium | 6.5 | 2024-04-05 | A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information… |
CVE-2024-45104 | Medium | 6.3 | 2024-09-13 | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially cr… |
CVE-2020-8355 | Medium | 4.9 | 2021-02-10 | An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA us… |
CVE-2024-45103 | Medium | 4.3 | 2024-09-13 | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. |