{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-34888","assignerOrgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","state":"PUBLISHED","assignerShortName":"lenovo","dateReserved":"2022-06-30T19:42:17.792Z","datePublished":"2023-01-30T21:41:15.774Z","dateUpdated":"2025-03-27T18:51:27.992Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Lenovo XClarity Controller","vendor":"Lenovo","versions":[{"status":"affected","version":"various"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect."}],"value":"The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-184","description":"CWE-184: Incomplete List of Disallowed Inputs","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","shortName":"lenovo","dateUpdated":"2023-01-30T21:41:15.774Z"},"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-87734"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734."}],"value":"Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734."}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:22:10.892Z"},"title":"CVE Program Container","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-87734","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-27T18:51:20.378498Z","id":"CVE-2022-34888","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T18:51:27.992Z"}}]}}