Lenovo THINKAGILE MX3331-F ALL-FLASH

CPE Details

Lenovo THINKAGILE MX3331-F ALL-FLASH
lenovo
thinkagile_mx3331-f_all-flash
-
2023-02-08
12h17 +00:00
2023-02-23
17h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:h:lenovo:thinkagile_mx3331-f_all-flash:-:*:*:*:*:*:*:*

Informations

Vendor

lenovo

Product

thinkagile_mx3331-f_all-flash

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-4608 2023-10-24 20h25 +00:00 An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
7.2
High
CVE-2023-4607 2023-10-24 20h25 +00:00 An authenticated XCC user can change permissions for any user through a crafted API command.
8.8
High
CVE-2023-4606 2023-10-24 20h25 +00:00 An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
8.1
High
CVE-2022-40137 2023-01-30 21h26 +00:00 A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
6.7
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.