Known Vulnerabilities
CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
MEDIUM
CVSS 6.3
Published Sep 13, 2024
CVE-2024-45103
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
MEDIUM
CVSS 4.3
Published Sep 13, 2024
CVE-2024-45101
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
MEDIUM
CVSS 6.8
Published Sep 13, 2024