Lucene search
K

133 matches found

cve
cve
added 2024/07/26 7:45 p.m.43 views

CVE-2024-38509

CVE-2024-38509 affects Lenovo’s XClarity Controller (XCC). A flaw in how IPMI commands are processed can let an authenticated XCC user with elevated privileges execute arbitrary code, i.e., privilege escalation and code execution. The issue is documented with a base CVSS of 7.2 (HIGH) and is desc...

7.2CVSS7.4AI score0.0055EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/07/26 7:45 p.m.13 views

CVE-2024-38509

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command...

7.2CVSS7.9AI score0.0055EPSS
Exploits0References1
cve
cve
added 2024/07/26 7:44 p.m.57 views

CVE-2024-38508

Lenovo XClarity Controller (XCC) web interface or SSH captive command shell interface contains a privilege-escalation vulnerability (CVE-2024-38508). An authenticated XCC user with elevated privileges can perform arbitrary code execution by sending a specially crafted request. IBM’s advisory for ...

7.2CVSS7.6AI score0.01006EPSS
Exploits0References1
cvelist
cvelist
added 2024/07/26 7:44 p.m.24 views

CVE-2024-38508

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...

7.2CVSS0.01006EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/07/26 7:44 p.m.13 views

CVE-2024-38508

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...

7.2CVSS7.6AI score0.01006EPSS
Exploits0References1
cvelist
cvelist
added 2024/03/26 3:48 p.m.20 views

CVE-2024-2214 Missing array size check in _Mtxinit() in the Xtensa port

In Eclipse ThreadX before version 6.4.0, the Mtxinit function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/txcliblock.c...

7CVSS7AI score0.00336EPSS
Exploits1References3
nvd
nvd
added 2023/10/25 6:17 p.m.23 views

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command...

8.8CVSS7.7AI score0.00427EPSS
Exploits0References1
nvd
nvd
added 2023/10/25 6:17 p.m.25 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

8.1CVSS8.1AI score0.00458EPSS
Exploits0References1
nvd
nvd
added 2023/10/25 6:17 p.m.34 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

7.2CVSS5.7AI score0.00336EPSS
Exploits0References1
prion
prion
added 2023/10/25 6:17 p.m.23 views

Command injection

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

5.5CVSS8AI score0.00458EPSS
Exploits0References1
prion
prion
added 2023/10/25 6:17 p.m.28 views

Sql injection

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

5.8CVSS7.3AI score0.00336EPSS
Exploits0References1
cve
cve
added 2023/10/24 8:25 p.m.52 views

CVE-2023-4608

CVE-2023-4608 is an authenticated SQL injection vulnerability in Lenovo ThinkSystem’s XClarity Controller (XCC). The issue allows blind SQL injection in limited cases via a crafted API command when exploited by an authenticated XCC user with elevated privileges. Affected are ThinkSystem v2 and v3...

7.2CVSS7.3AI score0.00336EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/10/24 8:25 p.m.16 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

4.1CVSS7.8AI score0.00336EPSS
Exploits0References1
cvelist
cvelist
added 2023/10/24 8:25 p.m.31 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

4.1CVSS7.6AI score0.00336EPSS
Exploits0References1
cve
cve
added 2023/10/24 8:25 p.m.57 views

CVE-2023-4607

CVE-2023-4607 describes a vulnerability in Lenovo XClarity Controller (XCC): an authenticated XCC user can leverage a crafted API command to change the permissions of any user, effectively gaining elevated privileges. The issue is documented across multiple sources (Lenovo LEN-140960 reference; R...

8.8CVSS8.4AI score0.00427EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/10/24 8:25 p.m.26 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

8.1CVSS8.2AI score0.00458EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/10/24 8:25 p.m.11 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

8.1CVSS6.9AI score0.00458EPSS
Exploits0References1
cve
cve
added 2023/10/24 8:25 p.m.43 views

CVE-2023-4606

CVE-2023-4606 affects Lenovo ThinkSystem ThinkSystem v2 and v3 servers with XCC. An authenticated XCC user with Read-Only privileges can change another user’s password via a crafted API command. Root cause and explicit exploit details are not provided in the available documents. CVSS v3.1 base sc...

8.1CVSS7.9AI score0.00458EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.6 views

PT-2023-29822 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: The issue allows an authenticated XCC user to change permissions for any user through a crafted API command. Recommendations: At the moment, there is no information about a newer version that...

8.8CVSS8.4AI score0.00427EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.9 views

PT-2023-29817 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This issue affects ThinkSystem servers with XCC. Recommendations: For...

8.1CVSS7.9AI score0.00458EPSS
Exploits0References3
Rows per page
Query Builder