CVE-2023-4608

EPSS 0.1%
Veröffentlicht 25.10.2023 18:17:41
Zuletzt bearbeitet 21.11.2024 08:35:32
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. 

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Thinkagile Hx5530 Firmware Version-

Lenovo ≫ Thinkagile Hx5530 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version-

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Vx3331 Firmware Version-

Lenovo ≫ Thinkagile Vx3331 Version-

Lenovo ≫ Thinkagile Hx1331 Firmware Version-

Lenovo ≫ Thinkagile Hx1331 Version-

Lenovo ≫ Thinkagile Hx2330 Firmware Version-

Lenovo ≫ Thinkagile Hx2330 Version-

Lenovo ≫ Thinkagile Hx2331 Firmware Version-

Lenovo ≫ Thinkagile Hx2331 Version-

Lenovo ≫ Thinkagile Hx3330 Firmware Version-

Lenovo ≫ Thinkagile Hx3330 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version-

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version-

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3375 Firmware Version-

Lenovo ≫ Thinkagile Hx3375 Version-

Lenovo ≫ Thinkagile Hx3376 Firmware Version-

Lenovo ≫ Thinkagile Hx3376 Version-

Lenovo ≫ Thinkagile Hx5531 Firmware Version-

Lenovo ≫ Thinkagile Hx5531 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version-

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version-

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version-

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Mx3330-f All-flash Firmware Version-

Lenovo ≫ Thinkagile Mx3330-f All-flash Version-

Lenovo ≫ Thinkagile Mx3330-h Hybrid Firmware Version-

Lenovo ≫ Thinkagile Mx3330-h Hybrid Version-

Lenovo ≫ Thinkagile Mx3331-f All-flash Firmware Version-

Lenovo ≫ Thinkagile Mx3331-f All-flash Version-

Lenovo ≫ Thinkagile Mx3331-h Hybrid Firmware Version-

Lenovo ≫ Thinkagile Mx3331-h Hybrid Version-

Lenovo ≫ Thinkagile Mx3530 F All Flash Firmware Version-

Lenovo ≫ Thinkagile Mx3530 F All Flash Version-

Lenovo ≫ Thinkagile Mx3530-h Hybrid Firmware Version-

Lenovo ≫ Thinkagile Mx3530-h Hybrid Version-

Lenovo ≫ Thinkagile Mx3531 H Hybrid Firmware Version-

Lenovo ≫ Thinkagile Mx3531 H Hybrid Version-

Lenovo ≫ Thinkagile Mx3531-f All-flash Firmware Version-

Lenovo ≫ Thinkagile Mx3531-f All-flash Version-

Lenovo ≫ Thinkagile Vx2330 Firmware Version-

Lenovo ≫ Thinkagile Vx2330 Version-

Lenovo ≫ Thinkagile Vx3330 Firmware Version-

Lenovo ≫ Thinkagile Vx3330 Version-

Lenovo ≫ Thinkagile Vx3530-g Firmware Version-

Lenovo ≫ Thinkagile Vx3530-g Version-

Lenovo ≫ Thinkagile Vx5530 Firmware Version-

Lenovo ≫ Thinkagile Vx5530 Version-

Lenovo ≫ Thinkagile Vx7330 Firmware Version-

Lenovo ≫ Thinkagile Vx7330 Version-

Lenovo ≫ Thinkagile Vx7530 Firmware Version-

Lenovo ≫ Thinkagile Vx7530 Version-

Lenovo ≫ Thinkagile Vx7531 Firmware Version-

Lenovo ≫ Thinkagile Vx7531 Version-

Lenovo ≫ Thinksystem Sd630 V2 Firmware Version-

Lenovo ≫ Thinksystem Sd630 V2 Version-

Lenovo ≫ Thinksystem Sd650 V2 Firmware Version-

Lenovo ≫ Thinksystem Sd650 V2 Version-

Lenovo ≫ Thinksystem Sd650 V3 Firmware Version-

Lenovo ≫ Thinksystem Sd650-n V2 Firmware Version-

Lenovo ≫ Thinksystem Sd650-n V2 Version-

Lenovo ≫ Thinksystem Sd665 V3 Firmware Version-

Lenovo ≫ Thinksystem Sn550 V2 Firmware Version-

Lenovo ≫ Thinksystem Sn550 V2 Version-

Lenovo ≫ Thinksystem Sr250 Firmware Version-

Lenovo ≫ Thinksystem Sr250 V2 Version-

Lenovo ≫ Thinksystem Sr258 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr258 V2 Version-

Lenovo ≫ Thinksystem Sr630 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr630 V2 Version-

Lenovo ≫ Thinksystem Sr630 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr635 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr645 Firmware Version-

Lenovo ≫ Thinksystem Sr645 Version-

Lenovo ≫ Thinksystem Sr645 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr645 V3 Version-

Lenovo ≫ Thinksystem Sr650 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr650 V2 Version-

Lenovo ≫ Thinksystem Sr650 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr655 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr665 Firmware Version-

Lenovo ≫ Thinksystem Sr665 Version-

Lenovo ≫ Thinksystem Sr665 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr670 Firmware Version-

Lenovo ≫ Thinksystem Sr670 Version-

Lenovo ≫ Thinksystem Sr670 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr670 V2 Version-

Lenovo ≫ Thinksystem Sr675 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr850 V2 Version-

Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr850 V2 Version-

Lenovo ≫ Thinksystem Sr850 V3 Firmware Version-

Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr860 V2 Version-

Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-

Lenovo ≫ Thinksystem Sr860 V2 Version-

Lenovo ≫ Thinksystem Sr860 V3 Firmware Version-

Lenovo ≫ Thinksystem St250 V2 Firmware Version-

Lenovo ≫ Thinksystem St250 V2 Version-

Lenovo ≫ Thinksystem St258 V2 Firmware Version-

Lenovo ≫ Thinksystem St258 V2 Version-

Lenovo ≫ Thinksystem St650 V2 Firmware Version-

Lenovo ≫ Thinksystem St650 V2 Version-

Lenovo ≫ Thinksystem St650 V3 Firmware Version-

Lenovo ≫ Thinksystem St658 V2 Firmware Version-

Lenovo ≫ Thinksystem St658 V2 Version-

Lenovo ≫ Thinksystem St658 V3 Firmware Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.28

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	4.1	0.7	3.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://support.lenovo.com/us/en/product_security/LEN-140960

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4608

EUVD