Security Bulletin: Multiple Vulnerabilities in XCC affect IBM Cloud Pak System
Description

Summary

Multiple Vulnerabilities in XClarity Controller (XCC) affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2023-4607
DESCRIPTION: Lenovo XClarity Controller (XCC) could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted API command, an attacker could exploit this vulnerability to change permissions for any user.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266004 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2023-25492
DESCRIPTION: Lenovo XClarity Controller (XCC) is vulnerable to a denial of service, caused by a format string injection flaw in the XCC web user interface. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250234 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-25495
DESCRIPTION: Lenovo XClarity Controller (XCC) could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the web interface API. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain the…
