CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

Published : 2018-07-30 16:29 Updated : 2019-10-03 00:03

9.0
CVSS Score More info
Score 9.0 / 10
9.0
Vendor Product Version URI
Lenovo Xclarity Administrator 2.0.0 cpe:/a:lenovo:xclarity_administrator:2.0.0
Lenovo Xclarity Administrator 1.0.1 cpe:/a:lenovo:xclarity_administrator:1.0.1
Lenovo Xclarity Administrator 1.0.3 cpe:/a:lenovo:xclarity_administrator:1.0.3
Lenovo Xclarity Administrator 1.1.0 cpe:/a:lenovo:xclarity_administrator:1.1.0
Lenovo Xclarity Administrator 1.1.1 cpe:/a:lenovo:xclarity_administrator:1.1.1
Lenovo Xclarity Administrator 1.2.1 cpe:/a:lenovo:xclarity_administrator:1.2.1
Lenovo Xclarity Administrator 1.2.2 cpe:/a:lenovo:xclarity_administrator:1.2.2
Lenovo Xclarity Administrator 1.3.0 cpe:/a:lenovo:xclarity_administrator:1.3.0
Lenovo Xclarity Administrator 1.3.1 cpe:/a:lenovo:xclarity_administrator:1.3.1
Lenovo Xclarity Administrator 1.3.2 cpe:/a:lenovo:xclarity_administrator:1.3.2
Lenovo Xclarity Administrator 1.4.0 cpe:/a:lenovo:xclarity_administrator:1.4.0
  1. Lenovo (1) Search CVE
    1. Xclarity Administrator (11) Search CVE
      1. 2.0.0
      2. 1.0.1
      3. 1.0.3
      4. 1.1.0
      5. 1.1.1
      6. 1.2.1
      7. 1.2.2
      8. 1.3.0
      9. 1.3.1
      10. 1.3.2
      11. 1.4.0

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-03 00:03
2018-10-03 16:21
2018-07-30 16:29

New CVE