Command Injection Vulnerability in Lenovo xClarity Administrator

Command Injection Vulnerability in Lenovo xClarity Administrator

CVE-2018-9066 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

Learn more about our Web App Pen Testing.