First published: Fri Sep 13 2024(Updated: )
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo XClarity Administrator | <4.1.0 |
Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-154748
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.