8.1
CVE-2023-4606
- EPSS 0.12%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:31
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Thinkagile Hx5530 Firmware Version-
Lenovo ≫ Thinkagile Hx7530 Firmware Version-
Lenovo ≫ Thinkagile Vx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx1331 Firmware Version-
Lenovo ≫ Thinkagile Hx2330 Firmware Version-
Lenovo ≫ Thinkagile Hx2331 Firmware Version-
Lenovo ≫ Thinkagile Hx3330 Firmware Version-
Lenovo ≫ Thinkagile Hx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx3375 Firmware Version-
Lenovo ≫ Thinkagile Hx3376 Firmware Version-
Lenovo ≫ Thinkagile Hx5531 Firmware Version-
Lenovo ≫ Thinkagile Hx7530 Firmware Version-
Lenovo ≫ Thinkagile Hx7531 Firmware Version-
Lenovo ≫ Thinkagile Hx7531 Firmware Version-
Lenovo ≫ Thinkagile Mx3330-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Mx3330-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3331-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Mx3331-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3530 F All Flash Firmware Version-
Lenovo ≫ Thinkagile Mx3530-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3531 H Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3531-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Vx2330 Firmware Version-
Lenovo ≫ Thinkagile Vx3330 Firmware Version-
Lenovo ≫ Thinkagile Vx3530-g Firmware Version-
Lenovo ≫ Thinkagile Vx5530 Firmware Version-
Lenovo ≫ Thinkagile Vx7330 Firmware Version-
Lenovo ≫ Thinkagile Vx7530 Firmware Version-
Lenovo ≫ Thinkagile Vx7531 Firmware Version-
Lenovo ≫ Thinksystem Sd630 V2 Firmware Version-
Lenovo ≫ Thinksystem Sd650 V2 Firmware Version-
Lenovo ≫ Thinksystem Sd650 V3 Firmware Version-
Lenovo ≫ Thinksystem Sd650-n V2 Firmware Version-
Lenovo ≫ Thinksystem Sd665 V3 Firmware Version-
Lenovo ≫ Thinksystem Sn550 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr250 Firmware Version-
Lenovo ≫ Thinksystem Sr258 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr630 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr630 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr635 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr645 Firmware Version-
Lenovo ≫ Thinksystem Sr645 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr650 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr650 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr655 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr665 Firmware Version-
Lenovo ≫ Thinksystem Sr665 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr670 Firmware Version-
Lenovo ≫ Thinksystem Sr670 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr675 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V3 Firmware Version-
Lenovo ≫ Thinksystem St250 V2 Firmware Version-
Lenovo ≫ Thinksystem St258 V2 Firmware Version-
Lenovo ≫ Thinksystem St650 V2 Firmware Version-
Lenovo ≫ Thinksystem St650 V3 Firmware Version-
Lenovo ≫ Thinksystem St658 V2 Firmware Version-
Lenovo ≫ Thinksystem St658 V3 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.317 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| psirt@lenovo.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.