MEDIUM🇵🇱 Wersja polska

CVE-2023-4608

CVSS 4.1v3.1pub. 2023-10-25upd. 2024-11-21

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
  • Lenovo Thinkagile Hx1331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2330 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3330 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3375

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3375 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3376

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3376 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5530

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5530 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5531

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5531 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7530

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7530 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7531

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7531 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 F All Flash

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 F All Flash Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 H Hybrid

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 H Hybrid Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 F All Flash

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 F All Flash Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 H Hybrid

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 H Hybrid Firmware

    OS
    Lenovo
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-4607HIGH7.5ten sam produkt

An authenticated XCC user can change permissions for any user through a crafted API command.

CVE-2023-4606HIGH8.1ten sam produkt

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...

CVE-2023-0683HIGH8.3ten sam produkt

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...

CVE-2023-29057HIGH7.3ten sam produkt

A valid XCC user's local account permissions overrides their active directory permissions under specific confi...