PT-2024-10054 · Lenovo · Lenovo XClarity Controller

Published: 2024-07-09 · Updated: 2024-07-29 · CVE-2024-38508

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lenovo XClarity Controller (XCC) (affected versions not specified)

Description

A privilege escalation issue was found in the web interface or SSH captive command shell interface of XCC. This could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. The issue is related to the failure to neutralize special elements, which could enable a remote attacker to execute arbitrary commands.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-00192
CVE-2024-38508

Affected Products

Lenovo XClarity Controller