Vulnerabilities > Lenovo > Thinkagile HX Enclosure Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2023-25495 Insufficiently Protected Credentials vulnerability in Lenovo products
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations.
network
low complexity
lenovo CWE-522
4.9
2023-04-28 CVE-2023-29056 Unspecified vulnerability in Lenovo products
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC.
network
high complexity
lenovo
5.9
2023-04-28 CVE-2023-29058 Unspecified vulnerability in Lenovo products
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI.
network
low complexity
lenovo
6.5