漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
未保护的候选通道
Vulnerability Title
Lenovo XClarity Orchestrator 安全漏洞
Vulnerability Description
Lenovo XClarity Orchestrator是中国联想(Lenovo)公司的一个应用软件。为包含大量设备的环境提供集中监控、管理和分析。 Lenovo XClarity Orchestrator存在安全漏洞,该漏洞源于本地网络段攻击者可创建备用通信通道,可能导致未经授权访问内部功能或数据。
CVSS Information
N/A
Vulnerability Type
N/A