Lenovo

Thinksystem Sd650 V3 Firmware

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-4606

  • EPSS 0.12%
  • Published 25.10.2023 18:17:41
  • Last modified 21.11.2024 08:35:31

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

8.8

CVE-2023-4607

  • EPSS 0.13%
  • Published 25.10.2023 18:17:41
  • Last modified 21.11.2024 08:35:32

An authenticated XCC user can change permissions for any user through a crafted API command.

7.2

CVE-2023-4608

  • EPSS 0.1%
  • Published 25.10.2023 18:17:41
  • Last modified 21.11.2024 08:35:32

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.