A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.Referenceshttps://support.lenovo.com/us/en/product_security/LEN-98715
