CVE-2024-8280
- EPSS 1.35%
- Published 13.09.2024 18:15:07
- Last modified 14.09.2024 11:47:14
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
CVE-2024-8281
- EPSS 1.44%
- Published 13.09.2024 18:15:07
- Last modified 14.09.2024 11:47:14
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
CVE-2024-8278
- EPSS 1.44%
- Published 13.09.2024 18:15:06
- Last modified 14.09.2024 11:47:14
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
CVE-2024-8279
- EPSS 1.18%
- Published 13.09.2024 18:15:06
- Last modified 14.09.2024 11:47:14
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2023-4606
- EPSS 0.12%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:31
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVE-2023-4607
- EPSS 0.13%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:32
An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2023-4608
- EPSS 0.1%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:32
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.