PT-2024-10056 · Lenovo · Lenovo XClarity Controller

Published 2024-07-09 · Updated 2024-07-29 · CVE-2024-38511

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers (affected versions not specified)

Description

The issue is related to a lack of neutralization of special elements, which could allow a remote attacker to execute arbitrary commands using specially crafted files. It is a privilege escalation vulnerability discovered in the upload processing functionality of XCC, allowing an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-00194
CVE-2024-38511

Affected Products

Lenovo XClarity Controller