Lenovo Xclarity Administrator — known CVE vulnerabilities
Every CVE whose affected-product data names Lenovo Xclarity Administrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2017-17833 — CVSS 9.8 (critical): OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a…
CVE-2016-8233 — CVSS 9.8 (critical): Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear…
CVE-2018-9066 — CVSS 8.8 (high): In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject…
CVE-2018-9064 — CVSS 8.8 (high): In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the…
CVE-2017-3770 — CVSS 8.8 (high): Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web…
CVE-2019-6158 — CVSS 8.7 (high): An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in…
CVE-2023-3113 — CVSS 8.2 (high): An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could…
CVE-2023-34418 — CVSS 8.1 (high): A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection…
CVE-2019-19756 — CVSS 7.9 (high): An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver…
CVE-2017-3745 — CVSS 7.8 (high): In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to…
CVE-2019-6179 — CVSS 7.5 (high): An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo…
CVE-2018-9065 — CVSS 7.5 (high): In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be…
CVE-2019-6193 — CVSS 7.5 (high): An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow…
CVE-2023-34420 — CVSS 7.2 (high): A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web…
CVE-2016-8221 — CVSS 7.0 (high): Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded…
CVE-2017-3763 — CVSS 6.7 (medium): An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA…
CVE-2023-34422 — CVSS 6.5 (medium): A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically…
CVE-2023-34421 — CVSS 6.5 (medium): A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API…
CVE-2024-45104 — CVSS 6.3 (medium): A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device…
CVE-2019-6181 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that…
CVE-2019-6194 — CVSS 5.7 (medium): An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that…
CVE-2019-19757 — CVSS 5.4 (medium): An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site…
CVE-2017-3764 — CVSS 5.3 (medium): A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to…
CVE-2020-8355 — CVSS 4.9 (medium): An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials…
CVE-2019-6182 — CVSS 4.9 (medium): A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an…
CVE-2019-6180 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could…
CVE-2024-45103 — CVSS 4.3 (medium): A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient…