CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

EUVD-2023-54459

Malicious code in bioql PyPI...

EUVD-2024-41310

Malicious code in bioql PyPI...

CVE-2024-45105

An internal product security audit discovered a UEFI SMM System Management Mode callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

The vulnerability of the Lenovo XClarity Controller (XCC) against Lenovo ThinkSystem servers allows a hacker to execute arbitrary commands.

The vulnerability of the Lenovo XClarity Controller XCC for Lenovo ThinkSystem systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially created files...

The vulnerability of the web interface or command interface of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface or command interface of the Lenovo XClarity Controller XCC for Lenovo ThinkSystem servers is related to the failure to take measures to neutralize certain elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...

The vulnerability of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers arises from the lack of measures taken to neutralize specific elements, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the Lenovo XClarity Controller XCC for Lenovo ThinkSystem systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially created files...

CVE-2024-45105

An internal product security audit discovered a UEFI SMM System Management Mode callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2024-45105

An internal product security audit discovered a UEFI SMM System Management Mode callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2024-45105

Summary: CVE-2024-45105 describes a UEFI SMM callout vulnerability affecting Lenovo ThinkSystem servers. The issue could allow a local attacker with elevated privileges to execute arbitrary code via a SMM callout. The CVSS vectors indicate local access, low attack complexity, but required high pr...

PT-2024-31435 · Lenovo · Lenovo Thinksystem Servers

Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem servers affected versions not specified Description: An internal product security audit discovered a UEFI SMM System Management Mode callout issue in certain ThinkSystem servers. This could allow a local attacker with...

PT-2023-29817 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This issue affects ThinkSystem servers with XCC. Recommendations: For...

The vulnerability of the Remote Presence subsystem of the microprogramming software used in Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, and Lenovo ThinkEdge industrial computers. This vulnerability allows a attacker to cause a service failure.

The vulnerability of the Remote Presence subsystem of the microprogramming software for Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, Lenovo ThinkEdge industrial computers, and the Lenovo ThinkAgile software/hardware system lies in the fact that the operation data is stored outsid...