This security bulletin contains one low-risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to an authorization bypass issue. A remote authenticated attacker on the local network can gain read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Lenovo XClarity Controller (XCC): 1.02 - 3.00
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
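The timing condition in the description can be checked retrospectively against login/logout records. The following is an added example, not vendor code and not part of the original bulletin: the event format (`timestamp action user rank`), the numeric role rank, and the sample users are all assumptions constructed for illustration, not real XCC audit-log output.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)  # "within 1 minute" per the bulletin

# Constructed sample events (hypothetical format, not real XCC log output):
# ISO timestamp, action, user, locally assigned role rank (higher = more privileged)
SAMPLE_EVENTS = """\
2024-01-10T09:00:00 login alice 3
2024-01-10T09:14:30 logout alice 3
2024-01-10T09:15:05 login bob 1
2024-01-10T09:40:00 logout bob 1
2024-01-10T09:40:20 login carol 1
2024-01-10T10:00:00 login dave 3
2024-01-10T10:05:00 logout dave 3
2024-01-10T10:06:00 login erin 2
2024-01-10T10:06:01 login frank 1
"""

def parse_events(text):
    """Parse 'timestamp action user rank' lines into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, user, rank = line.split()
        events.append((datetime.fromisoformat(ts), action, user, int(rank)))
    return sorted(events, key=lambda e: e[0])

def risky_logins(events, window=WINDOW):
    """Return (logout_user, login_user, gap_seconds) for every login by a
    lesser-privileged user within `window` of a higher-privileged logout.
    The boundary is treated as inclusive (an assumption, chosen to over-report)."""
    findings = []
    recent_logouts = []  # (time, user, rank) of logouts still inside the window
    for ts, action, user, rank in events:
        recent_logouts = [l for l in recent_logouts if ts - l[0] <= window]
        if action == "logout":
            recent_logouts.append((ts, user, rank))
        elif action == "login":
            for l_ts, l_user, l_rank in recent_logouts:
                if l_rank > rank and l_user != user:
                    findings.append((l_user, user, (ts - l_ts).total_seconds()))
    return findings

if __name__ == "__main__":
    for hi, lo, gap in risky_logins(parse_events(SAMPLE_EVENTS)):
        print(f"review: {lo} logged in {gap:.0f}s after {hi} logged out")
```

A match only indicates that the precondition occurred on an affected version with the named LDAP mode enabled; it does not show that any information was actually read.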