A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
oryginał ENCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NLenovo Thinkagile Hx1320
HWLenovowszystkie wersjeLenovo Thinkagile Hx1321
HWLenovowszystkie wersjeLenovo Thinkagile Hx1520 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx1521 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx2320 E
HWLenovowszystkie wersjeLenovo Thinkagile Hx2321
HWLenovowszystkie wersjeLenovo Thinkagile Hx3320
HWLenovowszystkie wersjeLenovo Thinkagile Hx3321
HWLenovowszystkie wersjeLenovo Thinkagile Hx3375
HWLenovowszystkie wersjeLenovo Thinkagile Hx3376
HWLenovowszystkie wersjeLenovo Thinkagile Hx3520 G
HWLenovowszystkie wersjeLenovo Thinkagile Hx3521 G
HWLenovowszystkie wersjeLenovo Thinkagile Hx5520
HWLenovowszystkie wersjeLenovo Thinkagile Hx5520 C
HWLenovowszystkie wersjeLenovo Thinkagile Hx5521
HWLenovowszystkie wersjeLenovo Thinkagile Hx5521 C
HWLenovowszystkie wersjeLenovo Thinkagile Hx7520
HWLenovowszystkie wersjeLenovo Thinkagile Hx7521
HWLenovowszystkie wersjeLenovo Thinkagile Hx7820
HWLenovowszystkie wersjeLenovo Thinkagile Hx7821
HWLenovowszystkie wersjeLenovo Thinkagile Mx1021
HWLenovowszystkie wersjeLenovo Thinkagile Vx2320
HWLenovowszystkie wersjeLenovo Thinkagile Vx3320
HWLenovowszystkie wersjeLenovo Thinkagile Vx3520 G
HWLenovowszystkie wersjeLenovo Thinkagile Vx5520
HWLenovowszystkie wersjeLenovo Thinkagile Vx7320 N
HWLenovowszystkie wersjeLenovo Thinkagile Vx7520
HWLenovowszystkie wersjeLenovo Thinkagile Vx7520 N
HWLenovowszystkie wersjeLenovo Thinkstation P920
HWLenovowszystkie wersjeLenovo Thinksystem Sd650
HWLenovowszystkie wersje
Powiązane podatności
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may man...
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...
An authenticated XCC user can change permissions for any user through a crafted API command.
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...