Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4608

Published: 25/10/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Lenovo

Vulnerability Summary

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Vulnerable Product Search on Vulmon Subscribe to Product

lenovo thinkagile_hx5530_firmware -

lenovo thinkagile_hx7530_firmware -

lenovo thinkagile_vx3331_firmware -

lenovo thinkagile_hx1331_firmware -

lenovo thinkagile_hx2330_firmware -

lenovo thinkagile_hx2331_firmware -

lenovo thinkagile_hx3330_firmware -

lenovo thinkagile_hx3331_firmware -

lenovo thinkagile_hx3375_firmware -

lenovo thinkagile_hx3376_firmware -

lenovo thinkagile_hx5531_firmware -

lenovo thinkagile_hx7531_firmware -

lenovo thinkagile_mx3330-f_all-flash_firmware -

lenovo thinkagile_mx3330-h_hybrid_firmware -

lenovo thinkagile_mx3331-f_all-flash_firmware -

lenovo thinkagile_mx3331-h_hybrid_firmware -

lenovo thinkagile_mx3530_f_all_flash_firmware -

lenovo thinkagile_mx3530-h_hybrid_firmware -

lenovo thinkagile_mx3531_h_hybrid_firmware -

lenovo thinkagile_mx3531-f_all-flash_firmware -

lenovo thinkagile_vx2330_firmware -

lenovo thinkagile_vx3330_firmware -

lenovo thinkagile_vx3530-g_firmware -

lenovo thinkagile_vx5530_firmware -

lenovo thinkagile_vx7330_firmware -

lenovo thinkagile_vx7530_firmware -

lenovo thinkagile_vx7531_firmware -

lenovo thinksystem_sd630_v2_firmware -

lenovo thinksystem_sd650_v2_firmware -

lenovo thinksystem sd650 v3 firmware -

lenovo thinksystem_sd650-n_v2_firmware -

lenovo thinksystem sd665 v3 firmware -

lenovo thinksystem_sn550_v2_firmware -

lenovo thinksystem_sr250_firmware -

lenovo thinksystem_sr258_v2_firmware -

lenovo thinksystem_sr630_v2_firmware -

lenovo thinksystem sr630 v3 firmware -

lenovo thinksystem sr635 v3 firmware -

lenovo thinksystem_sr645_firmware -

lenovo thinksystem_sr645_v3_firmware -

lenovo thinksystem_sr650_v2_firmware -

lenovo thinksystem sr650 v3 firmware -

lenovo thinksystem sr655 v3 firmware -

lenovo thinksystem_sr665_firmware -

lenovo thinksystem sr665 v3 firmware -

lenovo thinksystem_sr670_firmware -

lenovo thinksystem_sr670_v2_firmware -

lenovo thinksystem sr675 v3 firmware -

lenovo thinksystem_sr850_v2_firmware -

lenovo thinksystem sr850 v3 firmware -

lenovo thinksystem_sr860_v2_firmware -

lenovo thinksystem sr860 v3 firmware -

lenovo thinksystem_st250_v2_firmware -

lenovo thinksystem_st258_v2_firmware -

lenovo thinksystem_st650_v2_firmware -

lenovo thinksystem st650 v3 firmware -

lenovo thinksystem_st658_v2_firmware -

lenovo thinksystem st658 v3 firmware -

References

CWE-89https://support.lenovo.com/us/en/product_security/LEN-140960https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook