Lenovo XClarity Administrator Privilege Escalation Vulnerability via Single Sign-On

Vulnerability

A privilege escalation vulnerability exists in Lenovo XClarity Administrator (LXCA) versions prior to 4.1. When LXCA is used as a Single Sign-On (SSO) provider for XCC instances, a valid, authenticated LXCA user could escalate their permissions on a connected XCC instance.

Impact

Exploitation of this vulnerability could allow an authenticated LXCA user to gain elevated permissions on a connected XCC instance, potentially leading to unauthorized actions or access.

Remediation

Users are advised to update Lenovo XClarity Administrator to version 4.1 or later. For guidance on updating LXCA, refer to the Lenovo XClarity Update Management documentation.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 5.0
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.