7.2

CVE-2024-8280

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerlenovo
Produkt thinkagile_hx7530_firmware
Default Statusunaffected
Version < 4.71_afbt48c
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_st250_v3_firmware
Default Statusunaffected
Version < 2.10_ctx213g
Version 0
Status affected
Herstellerlenovo
Produkt thinkagile_hx1320_firmware
Default Statusunknown
Version < 9.97_cdi3b4b
Version 0
Status affected
Herstellerlenovo
Produkt thinkagile_hx3375_firmware
Default Statusunaffected
Version < 5.61_d8bt64d
Version 0
Status affected
Herstellerlenovo
Produkt thinkagile_hx_enclosure_certified_node_firmware
Default Statusunaffected
Version < 6.36_tei3f4a
Version 0
Status affected
Herstellerlenovo
Produkt thinkagile_hx1021_edge_certified_node_3yr_firmware
Default Statusunaffected
Version < 4.11_tei3e4a
Version 0
Status affected
Herstellerlenovo
Produkt thinkagile_hx7820_firmware
Default Statusunaffected
Version < 3.11_psi354a
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sd530_v3_firmware
Default Statusunaffected
Version < 1.20_usx352
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sd630_v2_firmware
Default Statusunaffected
Version < 4.11_tgbt50c
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_st650_v3_firmware
Default Statusunaffected
Version < 6.10_usx350g
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sr675_v3_firmware
Default Statusunaffected
Version < 6.10_qgx340j
Version 0
Status affected
Herstellerlenovo
Produkt thinkedge_se350_v2_firmware
Default Statusunaffected
Version < 3.11_iyx328m
Version 0
Status affected
Herstellerlenovo
Produkt thinkedge_se450__firmware
Default Statusunaffected
Version < 3.11_usx332x
Version 0
Status affected
Herstellerlenovo
Produkt thinkedge_se455_v3_firmware
Default Statusunaffected
Version < 3.10_mbx308l
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sr630_v3_firmware
Default Statusunaffected
Version < 5.10_esx330m
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sr635_v3_firmware
Default Statusunaffected
Version < 3.20_kax334o
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sr850_v3_firmware
Default Statusunaffected
Version < 4.10_rsx312i
Version 0
Status affected
Herstellerlenovo
Produkt thinksystem_sr950_v3_firmware
Default Statusunaffected
Version < 3.10_ebx308i
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.521
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@lenovo.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.