A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xclarity_administrator | Lenovo | * | 4.1.0 (excluding) |