CVE-2023-34418: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection...

8.1 CVSS

Description

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

Classification

CVE ID: CVE-2023-34418

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

Affected Products

Vendor: Lenovo

Product: Lenovo XClarity Administrator

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 38.01% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.lenovo.com/us/en/product_security/LEN-98715

Timeline

2024-12-04 00:11:13 UTC
CVE

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection...