CVE-2023-4605 - OpenCVE

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-136592

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2024-04-05T20:44:43.105Z

Updated: 2024-04-05T20:44:43.105Z

Reserved: 2023-08-29T15:54:52.890Z

Link: CVE-2023-4605

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-05T21:15:08.003

Modified: 2024-04-08T18:49:25.863

Link: CVE-2023-4605

JSON object: View

Redhat Information

No data.

CWE

CWE-497

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4605", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-08-29T15:54:52.890Z", "datePublished": "2024-04-05T20:44:43.105Z", "dateUpdated": "2024-04-05T20:44:43.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XClarity Administrator", "vendor": "Lenovo ", "versions": [{"lessThan": "3.6.28", "status": "affected", "version": " ", "versionType": "custom"}, {"lessThan": "4.0.24", "status": "affected", "version": " ", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.</span>\n\n"}], "value": "\nA valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2024-04-05T20:44:43.105Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-136592"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Update to the Lenovo XClarity Administrator (LXCA) version (or higher) as recommended in the advisory: <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-136592\">https://support.lenovo.com/us/en/product_security/LEN-136592</a></p><p>Follow general security best practices, such as limiting access to only trusted users within the environment. </p><p>Only grant LXCA remote console/mount privileges to trusted administrative users.</p>"}], "value": "\nUpdate to the Lenovo XClarity Administrator (LXCA) version (or higher) as recommended in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-136592 \n\nFollow general security best practices, such as limiting access to only trusted users within the environment. \n\nOnly grant LXCA remote console/mount privileges to trusted administrative users.\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}