
64 matches found

Cvelist
added 2024/02/16 4:17 p.m., 32 views

CVE-2024-23591

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...

CVSS 2, AI score 4.1, EPSS 0.00162
Exploits 0, References 1

CNNVD
added 2024/02/16 12:00 a.m., 5 views

Lenovo ThinkSystem Security Breach

Lenovo ThinkSystem is a ThinkSystem series server appliance from Lenovo, China. A security vulnerability exists in the Lenovo ThinkSystem SR670V2 that originates from a vulnerability that allows an attacker with logical access to the host or physical access within the server to modify or disable...

CVSS 2.3, AI score 6.5, EPSS 0.00162
Exploits 0, References 2

Lenovo
added 2024/02/13 8:39 p.m., 1 view

Intel SPS End of Manufacturing Not Executed for Certain ThinkSystem SR670V2 Servers - Lenovo Support US

No description provided...

AI score 7.3
Exploits 0

Positive Technologies
added 2024/02/13 12:00 a.m., 7 views

PT-2024-1819 · Lenovo · Lenovo Thinksystem Sr670V2

Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023
Description: The issue is related to Lenovo ThinkSystem SR670V2 servers being left in Manufacturing Mode, which could allow an attacker with privileged...

CVSS 2.3, AI score 3.5, EPSS 0.00162
Exploits 0, References 8

NVD
added 2023/10/25 6:17 p.m., 33 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 7.2, AI score 5.7, EPSS 0.00336
Exploits 0, References 1

NVD
added 2023/10/25 6:17 p.m., 23 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 8.1, AI score 8.1, EPSS 0.00458
Exploits 0, References 1

Prion
added 2023/10/25 6:17 p.m., 27 views

Sql injection

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 5.8, AI score 7.3, EPSS 0.00336
Exploits 0, References 1

Prion
added 2023/10/25 6:17 p.m., 23 views

Command injection

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 5.5, AI score 8, EPSS 0.00458
Exploits 0, References 1

Vulnrichment
added 2023/10/24 8:25 p.m., 16 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 4.1, AI score 7.8, EPSS 0.00336
Exploits 0, References 1

CVE
added 2023/10/24 8:25 p.m., 50 views

CVE-2023-4608

CVE-2023-4608 is an authenticated SQL injection vulnerability in Lenovo ThinkSystem’s XClarity Controller (XCC). The issue allows blind SQL injection in limited cases via a crafted API command when exploited by an authenticated XCC user with elevated privileges. Affected are ThinkSystem v2 and v3...

CVSS 7.2, AI score 7.3, EPSS 0.00336
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/10/24 8:25 p.m., 31 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 4.1, AI score 7.6, EPSS 0.00336
Exploits 0, References 1

Vulnrichment
added 2023/10/24 8:25 p.m., 10 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 8.1, AI score 6.9, EPSS 0.00458
Exploits 0, References 1

Cvelist
added 2023/10/24 8:25 p.m., 25 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 8.1, AI score 8.2, EPSS 0.00458
Exploits 0, References 1

Positive Technologies
added 2023/10/24 12:00 a.m., 4 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3
Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2, AI score 7.2, EPSS 0.00336
Exploits 0, References 4

Positive Technologies
added 2023/10/24 12:00 a.m., 7 views

PT-2023-29817 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3
Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This issue affects ThinkSystem servers with XCC.
Recommendations: For...

CVSS 8.1, AI score 7.9, EPSS 0.00458
Exploits 0, References 3

Tenable Nessus
added 2023/08/09 12:00 a.m., 6 views

Lenovo ThinkSystem Storage SLP Detection

Binary data lenovothinksystemstorageslpdetect.nbin...

AI score 7.3
Exploits 0, References 1

CNNVD
added 2023/06/26 12:00 a.m., 5 views

Lenovo ThinkSystem Security Vulnerability

Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker exploited the vulnerability to execute commands without sufficient privileges on SMM v1, SMM v2, and FPC using specially designed Web...

CVSS 6.3, AI score 6.7, EPSS 0.00288
Exploits 0, References 2

CNNVD
added 2023/06/26 12:00 a.m., 4 views

Lenovo ThinkSystem Security Vulnerability

Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker could exploit this vulnerability to cause a denial of service on the system...

CVSS 7.5, AI score 7.4, EPSS 0.00616
Exploits 0, References 2

BDU FSTEC
added 2022/07/18 12:00 a.m., 5 views

The vulnerability of the Remote Presence subsystem of the microprogramming software used in Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, and Lenovo ThinkEdge industrial computers. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the Remote Presence subsystem of the microprogramming software for Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, Lenovo ThinkEdge industrial computers, and the Lenovo ThinkAgile software/hardware system lies in the fact that the operation data is stored outsid...

CVSS 7.8, AI score 6.8, EPSS 0.00631
Exploits 0, References 2, Affected Software 32

BDU FSTEC
added 2022/07/18 12:00 a.m., 8 views

The vulnerability of the remote connection function of the microprogramming software for Lenovo ThinkSystem storage servers, Lenovo ThinkStation workstations, and Lenovo ThinkEdge industrial computers, as well as the Lenovo ThinkAgile software/hardware system, allows attackers to increase their privileges.

The vulnerability of the Remote Presence subsystem of the microprogramming software for Lenovo ThinkSystem servers, Lenovo ThinkStation workstations, Lenovo ThinkEdge industrial computers, and the Lenovo ThinkAgile software/hardware system lies in the fact that the operation data is stored outsid...

CVSS 10, AI score 5.7, EPSS 0.00414
Exploits 0, References 2, Affected Software 32