{"cve":{"cve_id":"CVE-2023-29058","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0036,"epss_percentile":0.27749,"epss_as_of":"2026-06-23","description":"A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.","published_at":"2023-04-28T20:47:46.172000Z","last_modified_at":null,"cvss_v3_score":6.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-276"],"nvd_references":["https://support.lenovo.com/us/en/product_security/LEN-118321"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:29:15.447901Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"lenovo","vendor_name":"Lenovo","product_slug":"xclarity-controller","product_name":"XClarity Controller","version_start":"Refer to Mitigation strategy section in LEN-118321","version_start_inclusive":true,"version_end":"Refer to Mitigation strategy section in LEN-118321","version_end_inclusive":true,"cpe23_uri":"cve5:lenovo:xclarity-controller:Refer to Mitigation strategy section in LEN-118321:Refer to Mitigation strategy section in LEN-118321"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-118321","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-04-28T20:47:46.172000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:27:44.223063Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:27:44.223063Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:27:44.223063Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:29:15.447901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:29:15.447901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:29:15.447901Z","label":"SSVC decision revised","source":"vulnrichment"}]}