A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
6.7CVSS
6.9AI Score
0.0004EPSS
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
8.1CVSS
7.9AI Score
0.001EPSS
An authenticated XCC user can change permissions for any user through a crafted API command.
8.8CVSS
8.4AI Score
0.001EPSS
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
7.2CVSS
7.3AI Score
0.001EPSS