Thinksystem Sr630 V2 Firmware Security Vulnerabilities and Issues — Thinksystem Sr630 V2 Firmware CVE List

Lucene search

LenovoThinksystem Sr630 V2 Firmware

5 matches found

CVE•added 2023/05/01 3:15 p.m.•36 views

CVE-2023-0683

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

8.8CVSS8.5AI score0.00313EPSS

CVE•added 2023/10/25 6:17 p.m.•36 views

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command.

8.8CVSS8.4AI score0.00169EPSS

CVE•added 2023/04/28 9:15 p.m.•33 views

CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

8.8CVSS8.3AI score0.00117EPSS

CVE•added 2023/05/01 3:15 p.m.•30 views

CVE-2023-25492

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

8.8CVSS8.3AI score0.00138EPSS

CVE•added 2023/10/25 6:17 p.m.•28 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

8.1CVSS7.9AI score0.00117EPSS