Lenovo THINKAGILE MX3530 F All Flash Firmware

CPE Details

Lenovo THINKAGILE MX3530 F All Flash Firmware
lenovo
thinkagile_mx3530_f_all_flash_firmware
-
2023-12-20
12h30 +00:00
2023-12-20
12h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:lenovo:thinkagile_mx3530_f_all_flash_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

lenovo

Product

thinkagile_mx3530_f_all_flash_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-4608 2023-10-24 20h25 +00:00 An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
7.2
High
CVE-2023-4607 2023-10-24 20h25 +00:00 An authenticated XCC user can change permissions for any user through a crafted API command.
8.8
High
CVE-2023-4606 2023-10-24 20h25 +00:00 An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
8.1
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.