Design/Logic Flaw

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

Design/Logic Flaw

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34345

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure...

CVE-2023-34341

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...

Design/Logic Flaw

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...

Design/Logic Flaw

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure...

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34334

The CVE-2023-34334 entry describes an issue in AMI BMC’s SPX REST API where an attacker with required privileges can inject arbitrary shell commands, potentially enabling code execution, denial of service, information disclosure, or data tampering. Affected product is AMI BMC (SPX REST API compon...

CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34343

CVE-2023-34343 concerns AMI BMC (American Megatrends) with a vulnerability in the SPX REST API . An attacker with the required privileges can inject arbitrary shell commands via the REST interface, potentially causing code execution, denial of service, information disclosure, or data tampering . ...

CVE-2023-34341

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34341

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34341

CVE-2023-34341 concerns a vulnerability in BMC AMI’s SPX REST API. An attacker with required privileges can read/write arbitrary memory within the IPMI server process, potentially enabling code execution, denial of service, information disclosure, or data tampering. Attack vector is network-based...

CVE-2023-34345

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure...

CVE-2023-34345

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure...

CVE-2023-34345

AMI BMC is affected by CVE-2023-34345 via the SPX REST API. The vulnerability allows an attacker with required privileges to access arbitrary files, causing information disclosure. Public documentation does not specify the exact vulnerable version range or a confirmed fix; some sources indicate n...

PT-2023-24829 · American Megatrends · Ami Bmc

Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue concerns the SPX REST API in AMI BMC, where an attacker with the required privileges can inject arbitrary shell commands. This could potentially lead to code execution, denial of...

Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API

The plugin does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. PoC 1. Create a new Course, add a Topic, and add a Lesson to the Topic. 2. In Tutor LMS Settings Course,...