CVE-2023-4607 Information

Description

An authenticated XCC user can change permissions for any user through a crafted API command.

Reference

https://support.lenovo.com/us/en/product_security/LEN-140960