Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
Lenovo XClarity Controller 安全漏洞
Vulnerability Description
Lenovo XClarity Controller(XCC)是中国联想(Lenovo)公司的一款服务器嵌入式管理引擎,它主要用于标准化和自动化基础服务器管理任务。 Lenovo XClarity Controller存在安全漏洞,该漏洞源于具有只读权限且经过身份验证的有效XCC用户可以通过XCC CLI修改其他用户帐户的自定义用户角色和用户侵入消息。
CVSS Information
N/A
Vulnerability Type
N/A