Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4606

Published: 25/10/2023 Updated: 07/11/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Vulnerable Product Search on Vulmon Subscribe to Product

lenovo thinkagile_hx5530_firmware -

lenovo thinkagile_hx7530_firmware -

lenovo thinkagile_vx3331_firmware -

lenovo thinkagile_hx1331_firmware -

lenovo thinkagile_hx2330_firmware -

lenovo thinkagile_hx2331_firmware -

lenovo thinkagile_hx3330_firmware -

lenovo thinkagile_hx3331_firmware -

lenovo thinkagile_hx3375_firmware -

lenovo thinkagile_hx3376_firmware -

lenovo thinkagile_hx5531_firmware -

lenovo thinkagile_hx7531_firmware -

lenovo thinkagile_mx3330-f_all-flash_firmware -

lenovo thinkagile_mx3330-h_hybrid_firmware -

lenovo thinkagile_mx3331-f_all-flash_firmware -

lenovo thinkagile_mx3331-h_hybrid_firmware -

lenovo thinkagile_mx3530_f_all_flash_firmware -

lenovo thinkagile_mx3530-h_hybrid_firmware -

lenovo thinkagile_mx3531_h_hybrid_firmware -

lenovo thinkagile_mx3531-f_all-flash_firmware -

lenovo thinkagile_vx2330_firmware -

lenovo thinkagile_vx3330_firmware -

lenovo thinkagile_vx3530-g_firmware -

lenovo thinkagile_vx5530_firmware -

lenovo thinkagile_vx7330_firmware -

lenovo thinkagile_vx7530_firmware -

lenovo thinkagile_vx7531_firmware -

lenovo thinksystem_sd630_v2_firmware -

lenovo thinksystem_sd650_v2_firmware -

lenovo thinksystem sd650 v3 firmware -

lenovo thinksystem_sd650-n_v2_firmware -

lenovo thinksystem sd665 v3 firmware -

lenovo thinksystem_sn550_v2_firmware -

lenovo thinksystem_sr250_firmware -

lenovo thinksystem_sr258_v2_firmware -

lenovo thinksystem_sr630_v2_firmware -

lenovo thinksystem sr630 v3 firmware -

lenovo thinksystem sr635 v3 firmware -

lenovo thinksystem_sr645_firmware -

lenovo thinksystem_sr645_v3_firmware -

lenovo thinksystem_sr650_v2_firmware -

lenovo thinksystem sr650 v3 firmware -

lenovo thinksystem sr655 v3 firmware -

lenovo thinksystem_sr665_firmware -

lenovo thinksystem sr665 v3 firmware -

lenovo thinksystem_sr670_firmware -

lenovo thinksystem_sr670_v2_firmware -

lenovo thinksystem sr675 v3 firmware -

lenovo thinksystem_sr850_v2_firmware -

lenovo thinksystem sr850 v3 firmware -

lenovo thinksystem_sr860_v2_firmware -

lenovo thinksystem sr860 v3 firmware -

lenovo thinksystem_st250_v2_firmware -

lenovo thinksystem_st258_v2_firmware -

lenovo thinksystem_st650_v2_firmware -

lenovo thinksystem st650 v3 firmware -

lenovo thinksystem_st658_v2_firmware -

lenovo thinksystem st658 v3 firmware -

References

CWE-862https://support.lenovo.com/us/en/product_security/LEN-140960https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316SQL injectiontype confusionCVE-2024-20697CVE-2024-4344localCVE-2024-30043CVE-2024-3821CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook