Lucene search
+L

134 matches found

Cvelist
Cvelist
added 2024/09/13 5:27 p.m.22 views

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...

4.3CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 2024/09/13 5:27 p.m.44 views

CVE-2024-8059

CVE-2024-8059 concerns Lenovo XClarity Controller (XCC). The issue arises from the exposure of IPMI credentials in XCC audit log entries when the account username length is 16 characters. Affected software is Lenovo XCC; the root cause is credentials being captured in logs, leading to potential e...

4.3CVSS5AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.12 views

PT-2024-38911 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line...

7.2CVSS7.3AI score0.01032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.5 views

PT-2024-38908 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: A privilege escalation issue was discovered that could allow a valid, authenticated user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS7.7AI score0.01099EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.7 views

PT-2024-38780 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue concerns the exposure of IPMI credentials in XCC audit log entries. This occurs when the account username length is 16 characters. Recommendations: At the moment, there is no...

4.3CVSS6.9AI score0.00195EPSS
Exploits0References5
NVD
NVD
added 2024/08/12 1:38 p.m.34 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

8.8CVSS0.01025EPSS
Exploits0References1
OSV
OSV
added 2024/08/12 1:38 p.m.4 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

8.8CVSS5.8AI score0.01025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/09 2:19 a.m.17 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

7.5CVSS6.8AI score0.01025EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 8:15 p.m.23 views

CVE-2024-38512

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS0.01006EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 8:15 p.m.19 views

CVE-2024-38511

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS0.01006EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 8:15 p.m.13 views

CVE-2024-38508

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...

7.2CVSS0.01006EPSS
Exploits0References1
NVD
NVD
added 2024/07/26 8:15 p.m.14 views

CVE-2024-38509

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command...

7.2CVSS0.0055EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/26 7:45 p.m.12 views

CVE-2024-38512

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS7.6AI score0.01006EPSS
Exploits0References1
CVE
CVE
added 2024/07/26 7:45 p.m.48 views

CVE-2024-38512

CVE-2024-38512 is a privilege-escalation flaw in Lenovo/IBM XClarity Controller (XCC). An authenticated XCC user with elevated privileges could execute arbitrary commands by sending specially crafted IPMI commands, potentially impacting systems using XCC (e.g., IBM Cloud Pak System). The issue is...

7.2CVSS7.6AI score0.01006EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/26 7:45 p.m.29 views

CVE-2024-38512

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...

7.2CVSS0.01006EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/26 7:45 p.m.11 views

CVE-2024-38511

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS7.6AI score0.01006EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/26 7:45 p.m.21 views

CVE-2024-38511

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS0.01006EPSS
Exploits0References1
CVE
CVE
added 2024/07/26 7:45 p.m.46 views

CVE-2024-38511

CVE-2024-38511 affects Lenovo XClarity Controller (XCC). A vulnerability in the upload processing functionality could allow a remote authenticated XCC user with elevated privileges to execute arbitrary commands via specially crafted file uploads. IBM’s bulletin for Cloud Pak System confirms XCC-b...

7.2CVSS7.7AI score0.01006EPSS
Exploits0References1
CVE
CVE
added 2024/07/26 7:45 p.m.63 views

CVE-2024-38510

CVE-2024-38510 is a privilege-escalation flaw in Lenovo XClarity Controller (XCC) where an authenticated XCC user with elevated privileges can trigger command injection via specially crafted file uploads to the SSH captive command shell interface. Affected product: Lenovo XCC (Lenovo XClarity Con...

7.2CVSS7.6AI score0.01071EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/26 7:45 p.m.23 views

CVE-2024-38510

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2CVSS0.01071EPSS
Exploits0References1
Rows per page
Query Builder