nvd-json-data-feeds/CVE-2024/CVE-2024-385xx/CVE-2024-38511.json

{
  "id": "CVE-2024-38511",
  "sourceIdentifier": "psirt@lenovo.com",
  "published": "2024-07-26T20:15:04.263",
  "lastModified": "2024-11-21T09:26:07.767",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads."
    },
    {
      "lang": "es",
      "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en una funcionalidad de procesamiento de carga de XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados realizar inyecci\u00f3n de comandos mediante cargas de archivos especialmente manipuladas."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@lenovo.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@lenovo.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.lenovo.com/us/en/product_security/LEN-156781",
      "source": "psirt@lenovo.com"
    },
    {
      "url": "https://support.lenovo.com/us/en/product_security/LEN-156781",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}