Xclarity Integrator For Microsoft Windows Admin Center
Monthly
PowerShell command injection in Lenovo XClarity Integrator for Microsoft Windows Admin Center (versions 5.1.1 and below) running on the WAC Gateway allows an authenticated low-privileged attacker to inject arbitrary PowerShell commands when the plugin establishes remote PowerShell sessions. Successful exploitation yields high-impact code execution that extends beyond the plugin into subsequent systems (managed hosts), with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
PowerShell command injection in Lenovo XClarity Integrator for Microsoft Windows Admin Center (versions 5.1.1 and below) running on the WAC Gateway allows an authenticated low-privileged attacker to inject arbitrary PowerShell commands when the plugin establishes remote PowerShell sessions. Successful exploitation yields high-impact code execution that extends beyond the plugin into subsequent systems (managed hosts), with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.