Vulnerability CVE-2023-4606


Published: 2023-10-25

Description:
An authenticated XCC user with Read-Only permission can change a different user's password through a crafted API command.

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Type:
CWE-862 (Missing Authorization)

References:
https://support.lenovo.com/us/en/product_security/LEN-140960

Copyright 2026, cxsecurity.com

 
