CVE-2023-4605 MEDIUM

CVE-2023-4605

Vendor Lenovo
Product XClarity Administrator
Weakness CWE-497
Published April 5, 2024
Last update August 12, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

Key dates

02Disclosure timeline

April 5, 2024 CVE published
August 12, 2024 Record updated