The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system...
4.9CVSS
5.2AI Score
0.002EPSS
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication.....
9.8CVSS
9.4AI Score
0.006EPSS
The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on.....
6.5CVSS
7.7AI Score
0.001EPSS
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file...
4.3CVSS
4.5AI Score
0.001EPSS
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged...
7.2CVSS
7.3AI Score
0.001EPSS
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the...
9.8CVSS
9.7AI Score
0.003EPSS