Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

Published

2024-09-13T18:15:05.087

Last Modified

2024-12-13T19:19:54.233

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-282
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lenovo	xclarity_administrator	< 4.1.0	Yes

References

https://support.lenovo.com/us/en/product_security/LEN-154748 Vendor Advisory ([email protected])