{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:52:26.229","vulnerabilities":[{"cve":{"id":"CVE-2024-38508","sourceIdentifier":"psirt@lenovo.com","published":"2024-07-26T20:15:03.597","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request."},{"lang":"es","value":" Se descubrió una vulnerabilidad de escalada de privilegios en la interfaz web o en la interfaz de shell de comandos cautivos SSH de XCC que podría permitir a un usuario de XCC autenticado con privilegios elevados realizar la inyección de comandos a través de una solicitud especialmente manipulada."}],"metrics":{"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@lenovo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}