CVE-2023-4605

EUVD-2023-54458
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lenovoxclarity_administrator
𝑥
< 3.6.28
ADP
lenovoxclarity_administrator
𝑥
< 4.0.24
ADP
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-136592
https://support.lenovo.com/us/en/product_security/LEN-136592