An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:LLenovo Thinkagile Hx1331
HWLenovowszystkie wersjeLenovo Thinkagile Hx1331 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx2330
HWLenovowszystkie wersjeLenovo Thinkagile Hx2330 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx2331
HWLenovowszystkie wersjeLenovo Thinkagile Hx2331 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx3330
HWLenovowszystkie wersjeLenovo Thinkagile Hx3330 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx3331
HWLenovowszystkie wersjeLenovo Thinkagile Hx3331 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx3375
HWLenovowszystkie wersjeLenovo Thinkagile Hx3375 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx3376
HWLenovowszystkie wersjeLenovo Thinkagile Hx3376 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx5530
HWLenovowszystkie wersjeLenovo Thinkagile Hx5530 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx5531
HWLenovowszystkie wersjeLenovo Thinkagile Hx5531 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx7530
HWLenovowszystkie wersjeLenovo Thinkagile Hx7530 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Hx7531
HWLenovowszystkie wersjeLenovo Thinkagile Hx7531 Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Mx3330 F All Flash
HWLenovowszystkie wersjeLenovo Thinkagile Mx3330 F All Flash Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Mx3330 H Hybrid
HWLenovowszystkie wersjeLenovo Thinkagile Mx3330 H Hybrid Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Mx3331 F All Flash
HWLenovowszystkie wersjeLenovo Thinkagile Mx3331 F All Flash Firmware
OSLenovowszystkie wersjeLenovo Thinkagile Mx3331 H Hybrid
HWLenovowszystkie wersjeLenovo Thinkagile Mx3331 H Hybrid Firmware
OSLenovowszystkie wersje
Related vulnerabilities
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...
An authenticated XCC user can change permissions for any user through a crafted API command.
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...
A valid XCC user's local account permissions overrides their active directory permissions under specific confi...