CVE-2023-29056 Information

Description

A valid LDAP user under specific conditions will default to read-only permissions when authenticating into XCC. To be vulnerable XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.

Reference

https://support.lenovo.com/us/en/product_security/LEN-118321