CVE-2023-3113

8.2 HIGH
XXE

📋 TL;DR

An unauthenticated XML external entity injection (XXE) vulnerability in Lenovo XClarity Administrator's CIM server allows attackers to read specific files without authentication. This affects organizations using Lenovo XClarity Administrator for infrastructure management. The vulnerability enables limited file disclosure but not full system compromise.

💻 Affected Systems

Products:
  • Lenovo XClarity Administrator (LXCA)
Versions: All versions prior to 5.5.2
Operating Systems: Linux-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: CIM server component specifically affected; requires network access to the LXCA appliance.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files, potentially obtaining credentials, system information, or other confidential data that could facilitate further attacks.

🟠 Likely Case

Unauthenticated attackers read specific files containing system information or configuration details, gaining reconnaissance for follow-up attacks.

🟢 If Mitigated

Limited impact where proper network segmentation and access controls prevent external access to the CIM server.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XXE vulnerabilities typically have low exploitation complexity; unauthenticated nature increases risk.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LXCA 5.5.2

Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-98715

Restart Required: Yes

Instructions:

1. Download LXCA 5.5.2 from the Lenovo support portal.
2. Back up the current configuration.
3. Apply the update through the LXCA web interface.
4. Restart the appliance as prompted.

🔧 Temporary Workarounds

Disable CIM server (all platforms)

Temporarily disable the vulnerable CIM server component if it is not required. Specific commands are not provided in the advisory; disable it via the LXCA web interface under the CIM server settings.

Network segmentation (Linux, firewalld)

Restrict network access to the LXCA CIM server port (default 5989/tcp). The advisory provides no commands; on a Linux host running firewalld that fronts the appliance, the following removes the port from the default zone's permanent allow list (it only has an effect if the port was opened there) and reloads the rules:

firewall-cmd --permanent --remove-port=5989/tcp
firewall-cmd --reload

🧯 If You Can't Patch

  • Implement strict network access controls to prevent external access to LXCA CIM server
  • Monitor for unusual XML parsing activity or file access attempts on the LXCA appliance

🔍 How to Verify

Check if Vulnerable:

Check LXCA version via web interface or SSH: cat /etc/os-release | grep VERSION

Check Version:

ssh admin@lxca-host 'cat /etc/os-release | grep VERSION'

Verify Fix Applied:

Confirm version is 5.5.2 or later and test XXE payloads no longer work

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML parsing errors in CIM server logs
  • Multiple failed authentication attempts to CIM server

Network Indicators:

  • External IP addresses accessing CIM server port (default 5989)
  • XML payloads with external entity references

SIEM Query:

source="lxca-logs" AND ("CIM" OR "5989") AND ("XXE" OR "external entity" OR "DOCTYPE")
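The two network indicators above (XML payloads carrying external entity references, and external sources reaching the CIM port) can be checked wherever request bodies are visible, for example at a reverse proxy or an IDS that decodes TLS. The following Python is an added example and is not part of this advisory or of Lenovo's tooling: it classifies an XML body by whether its DOCTYPE declares external entities (general or parameter entities with a SYSTEM or PUBLIC identifier), decodes UTF-16 bodies first so a byte-level DOCTYPE search is not bypassed, and scores requests to port 5989 by that verdict and by whether the source lies outside an assumed set of internal ranges. The sample requests, addresses, entity URIs and internal ranges are constructed placeholders.

```python
import ipaddress
import re

CIM_PORT = 5989  # default CIM server port named in the advisory

# Assumed internal address plan (constructed); adjust to your environment.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# <!ENTITY name SYSTEM "..."> or <!ENTITY % name PUBLIC "..." "...">: an entity
# whose content is fetched from an external URI. Internal entities such as
# <!ENTITY x "v"> do not match because they carry no SYSTEM/PUBLIC keyword.
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s*)?[^\s>]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)


def decode_body(raw: bytes) -> str:
    """Decode an XML body to text before pattern matching.

    A byte-level search for b"<!DOCTYPE" misses UTF-16 bodies, so honour a
    byte-order mark first and fall back to UTF-8.
    """
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def classify_xml(body: str) -> str:
    """Return 'external-entity', 'dtd' (DOCTYPE without external entities) or 'clean'."""
    if EXTERNAL_ENTITY_RE.search(body):
        return "external-entity"
    if DOCTYPE_RE.search(body):
        return "dtd"
    return "clean"


def is_external(src_ip: str) -> bool:
    """True when the source address lies outside the assumed internal ranges."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in INTERNAL_NETS)


def scan_requests(records):
    """Score (src_ip, dst_port, raw_body) records destined for the CIM port.

    Returns one alert dict per request that warrants attention; requests to
    other ports, and clean bodies from any source, are ignored.
    """
    alerts = []
    for src_ip, dst_port, raw in records:
        if dst_port != CIM_PORT:
            continue
        verdict = classify_xml(decode_body(raw))
        external = is_external(src_ip)
        if verdict == "external-entity":
            severity = "high" if external else "medium"
        elif verdict == "dtd" and external:
            severity = "low"  # a DTD from outside is unusual for CIM-XML clients
        else:
            continue
        alerts.append({"src": src_ip, "verdict": verdict, "severity": severity})
    return alerts


# Constructed sample bodies (not captured traffic); URIs are placeholders.
CLEAN = ('<?xml version="1.0"?><CIM CIMVERSION="2.0" DTDVERSION="2.0">'
         '<MESSAGE ID="1" PROTOCOLVERSION="1.0"/></CIM>')
INTERNAL_DTD = ('<?xml version="1.0"?><!DOCTYPE CIM [<!ENTITY ver "2.0">]>'
                '<CIM CIMVERSION="&ver;"/>')
EXTERNAL_SYSTEM = ('<?xml version="1.0"?><!DOCTYPE CIM '
                   '[<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]><CIM>&ext;</CIM>')
PARAMETER_ENTITY = ('<?xml version="1.0"?><!DOCTYPE CIM '
                    '[<!ENTITY % dtd SYSTEM "https://dtd.invalid/x.dtd"> %dtd;]><CIM/>')

SAMPLE_REQUESTS = [
    ("10.20.30.40", 5989, CLEAN.encode()),                     # normal client
    ("10.20.30.41", 5989, INTERNAL_DTD.encode()),              # internal DTD, internal source
    ("198.51.100.7", 5989, EXTERNAL_SYSTEM.encode()),          # external entity from outside
    ("10.20.30.42", 5989, PARAMETER_ENTITY.encode("utf-16")),  # UTF-16 body, internal source
    ("198.51.100.8", 443, EXTERNAL_SYSTEM.encode()),           # not the CIM port: ignored
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print(alert)
```

Run against the constructed samples this raises two alerts: the external-source request carrying a SYSTEM entity (high) and the UTF-16 body with a parameter entity from an internal address (medium); the internal-DTD request from inside and the request to port 443 produce nothing. Pattern matching on bodies is a triage aid, not a parser: it complements the page's SIEM query rather than replacing the vendor fix.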
