134 matches found
CVE-2024-8059
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...
CVE-2024-8059
CVE-2024-8059 concerns Lenovo XClarity Controller (XCC). The issue arises from the exposure of IPMI credentials in XCC audit log entries when the account username length is 16 characters. Affected software is Lenovo XCC; the root cause is credentials being captured in logs, leading to potential e...
PT-2024-38911 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line...
PT-2024-38908 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: A privilege escalation issue was discovered that could allow a valid, authenticated user with elevated privileges to perform command injection via specially crafted IPMI commands...
PT-2024-38780 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue concerns the exposure of IPMI credentials in XCC audit log entries. This occurs when the account username length is 16 characters. Recommendations: At the moment, there is no...
CVE-2024-0113
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...
CVE-2024-0113
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...
CVE-2024-0113
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...
CVE-2024-38512
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-38511
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-38508
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...
CVE-2024-38509
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command...
CVE-2024-38512
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-38512
CVE-2024-38512 is a privilege-escalation flaw in Lenovo/IBM XClarity Controller (XCC). An authenticated XCC user with elevated privileges could execute arbitrary commands by sending specially crafted IPMI commands, potentially impacting systems using XCC (e.g., IBM Cloud Pak System). The issue is...
CVE-2024-38512
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-38511
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-38511
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-38511
CVE-2024-38511 affects Lenovo XClarity Controller (XCC). A vulnerability in the upload processing functionality could allow a remote authenticated XCC user with elevated privileges to execute arbitrary commands via specially crafted file uploads. IBM’s bulletin for Cloud Pak System confirms XCC-b...
CVE-2024-38510
CVE-2024-38510 is a privilege-escalation flaw in Lenovo XClarity Controller (XCC) where an authenticated XCC user with elevated privileges can trigger command injection via specially crafted file uploads to the SSH captive command shell interface. Affected product: Lenovo XCC (Lenovo XClarity Con...
CVE-2024-38510
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...