Skip to main content

Xclarity Administrator

21 CVEs product

Monthly

CVE-2024-45104 MEDIUM This Month

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45103 MEDIUM This Month

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3113 HIGH This Week

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Xclarity Administrator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-34422 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34421 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34420 HIGH This Week

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Xclarity Administrator
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-34418 HIGH This Week

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Xclarity Administrator
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2019-6182 MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2019-6181 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6180 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-6179 HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft VMware XXE +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6158 MEDIUM This Month

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-9066 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Code Injection Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-9065 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-9064 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-3764 MEDIUM PATCH This Month

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2017-3770 HIGH This Week

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-3763 MEDIUM This Month

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-3745 HIGH PATCH This Week

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lenovo Xclarity Administrator
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8233 CRITICAL PATCH Act Now

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lenovo Xclarity Administrator
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-8221 HIGH PATCH This Week

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).

Privilege Escalation Lenovo Xclarity Administrator
NVD
CVSS 3.0
7.0
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Xclarity Administrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Xclarity Administrator
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Xclarity Administrator
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft +4
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Code Injection Xclarity Administrator
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xclarity Administrator
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lenovo Xclarity Administrator
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lenovo Xclarity Administrator
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).

Privilege Escalation Lenovo Xclarity Administrator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy