Vulnerabilities > Lenovo > Thinkagile Mx1021 ON Se350 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-4607 Improper Privilege Management vulnerability in Lenovo products
An authenticated XCC user can change permissions for any user through a crafted API command.
network
low complexity
lenovo CWE-269
8.8
2023-05-01 CVE-2023-0683 Unspecified vulnerability in Lenovo products
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
network
low complexity
lenovo
8.8
2023-05-01 CVE-2023-25492 Use of Externally-Controlled Format String vulnerability in Lenovo products
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
network
low complexity
lenovo CWE-134
8.8
2023-04-28 CVE-2023-29057 Unspecified vulnerability in Lenovo products
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations.
network
low complexity
lenovo
8.8