Vulnerabilities > Lenovo > Thinkagile Vx3520 G Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-4607 | Unspecified vulnerability in Lenovo products An authenticated XCC user can change permissions for any user through a crafted API command. | 8.8 |
2023-05-01 | CVE-2023-0683 | Unspecified vulnerability in Lenovo products A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | 8.8 |
2023-05-01 | CVE-2023-25492 | Use of Externally-Controlled Format String vulnerability in Lenovo products A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | 8.8 |
2023-04-28 | CVE-2023-29057 | Unspecified vulnerability in Lenovo products A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. | 8.8 |