{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T18:04:11.997","vulnerabilities":[{"cve":{"id":"CVE-2024-38511","sourceIdentifier":"psirt@lenovo.com","published":"2024-07-26T20:15:04.263","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads."},{"lang":"es","value":" Se descubrió una vulnerabilidad de escalada de privilegios en una funcionalidad de procesamiento de carga de XCC que podría permitir a un usuario de XCC autenticado con privilegios elevados realizar inyección de comandos mediante cargas de archivos especialmente manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@lenovo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}