64 matches found
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
Lenovo ThinkSystem Security Breach
Lenovo ThinkSystem is a ThinkSystem series server appliance from Lenovo, China. A security vulnerability exists in the Lenovo ThinkSystem SR670V2 that originates from a vulnerability that allows an attacker with logical access to the host or physical access within the server to modify or disable...
Intel SPS End of Manufacturing Not Executed for Certain ThinkSystem SR670V2 Servers - Lenovo Support US
No description provided...
PT-2024-1819 · Lenovo · Lenovo ThinkSystem SR670V2
Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 Description: The issue is related to Lenovo ThinkSystem SR670V2 servers being left in Manufacturing Mode, which could allow an attacker with privileged...
CVE-2023-4608
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
SQL injection
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
Command injection
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
CVE-2023-4608
CVE-2023-4608 is an authenticated SQL injection vulnerability in Lenovo ThinkSystem’s XClarity Controller (XCC). The issue allows blind SQL injection in limited cases via a crafted API command when exploited by an authenticated XCC user with elevated privileges. Affected are ThinkSystem v2 and v3...
PT-2023-29831 · Lenovo · ThinkSystem
Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...
PT-2023-29817 · Lenovo · ThinkSystem
Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This issue affects ThinkSystem servers with XCC. Recommendations: For...
Lenovo ThinkSystem Storage SLP Detection
Binary data lenovothinksystemstorageslpdetect.nbin...
Lenovo ThinkSystem Security Vulnerability
Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker exploited the vulnerability to execute commands without sufficient privileges on SMM v1, SMM v2, and FPC using specially designed Web...
Lenovo ThinkSystem Security Vulnerability
Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker could exploit this vulnerability to cause a denial of service on the system...
The vulnerability of the Remote Presence subsystem of the microprogramming software used in Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, and Lenovo ThinkEdge industrial computers. This vulnerability allows an attacker to cause a service failure.
The vulnerability of the Remote Presence subsystem of the microprogramming software for Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, Lenovo ThinkEdge industrial computers, and the Lenovo ThinkAgile software/hardware system lies in the fact that the operation data is stored outsid...
The vulnerability of the remote connection function of the microprogramming software for Lenovo ThinkSystem storage servers, Lenovo ThinkStation workstations, and Lenovo ThinkEdge industrial computers, as well as the Lenovo ThinkAgile software/hardware system, allows attackers to increase their privileges.