Description
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
High
Affected products
- Lenovo / XClarity ControllerSee product security advisory below – See product security advisory below