First published: Fri Apr 28 2023(Updated: )
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1321 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1520-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx1521-r | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2320-e | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx2321 | ||
<2.93_afbt30p | ||
=2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3320 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3321 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
<4.71_d8bt48p | ||
Lenovo Thinkagile Hx3375 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3376 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx3520-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3521-g | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx3720 | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5520-c | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx5521 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx5521-c | ||
<8.88_cdi3a4a | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Hx7520 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Hx7521 | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<2.75_psi348s | ||
Lenovo Thinkagile Hx7820 | ||
<3.72_tei388s | ||
Lenovo Thinkagile Hx7821 | ||
<2.93_afbt30p | ||
Lenovo Thinkagile Mx1020 | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<3.72_tei388s | ||
<2.75_psi348s | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx2320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3320 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx3520-g | ||
<2.93_afbt30p | ||
<3.72_tei388s | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx5520 | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7320 N | ||
<2.93_afbt30p | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 | ||
<8.88_cdi3a4a | ||
Lenovo Thinkagile Vx7520 N | ||
<2.93_afbt30p | ||
<2.93_afbt30p | ||
<2.75_psi348s | ||
<1.60_usx324o | ||
Lenovo Thinkstation P920 Firmware | <8.88_cdi3a4a | |
Lenovo Thinkstation P920 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd530 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sd650 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Se350 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn550 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sn850 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr150 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr158 | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr530 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr550 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr570 | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr590 | ||
Lenovo Thinksystem Sr630 Firmware | <8.88_cdi3a4a | |
Lenovo Thinksystem Sr630 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr645 | ||
<4.71_d8bt48p | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem Sr650 | ||
<2.93_afbt30p | ||
<4.71_d8bt48p | ||
Lenovo Thinksystem Sr665 | ||
<4.71_d8bt48p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr670 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr850p | ||
<3.72_tei388s | ||
Lenovo Thinksystem Sr860 | ||
<2.60_tgbt42h | ||
<2.75_psi348s | ||
Lenovo Thinksystem Sr950 | ||
<3.72_tei388s | ||
Lenovo Thinksystem St250 | ||
<2.60_tgbt42h | ||
<3.72_tei388s | ||
Lenovo Thinksystem St258 | ||
<2.60_tgbt42h | ||
<8.88_cdi3a4a | ||
Lenovo Thinksystem St550 | ||
<2.60_tgbt42h | ||
<2.60_tgbt42h | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.