First published: Mon May 01 2023(Updated: )
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1321 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1520-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1521-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2320-e | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2321 | ||
<2.93_afbt30p | ||
=2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3321 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
<4.71_d8bt48p | ||
Lenovo Thinkagile Hx3375 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3376 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3520-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3521-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3720 | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520-c | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5521 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx5521-c | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx7520 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx7521 | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<2.75_psi348s | ||
Lenovo Thinkagile Hx7820 | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx7821 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Mx1020 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<2.75_psi348s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx2320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3520-g | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx5520 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7320 N | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 N | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<1.60_usx324o | ||
Lenovo Thinkstation P920 Firmware | <8.88_cdi3a4a | |
Lenovo Thinkstation P920 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd530 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd650 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Se350 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn550 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn850 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr150 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr158 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr530 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr550 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr570 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr590 | ||
Lenovo Thinksystem Sr630 Firmware | <8.88_cdi3a4a | |
Lenovo Thinksystem Sr630 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr645 | ||
<4.71_d8bt48p | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr650 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr665 | ||
<4.71_d8bt48p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr670 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr860 | ||
<2.60_tgbt42h | ||
<2.75_psi348s | ||
Lenovo Thinksystem Sr950 | ||
<3.72_tei388s | ||
Lenovo Thinksystem St250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem St258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem St550 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936 https://support.lenovo.com/us/en/product_security/LEN-99936
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.