A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.