HIGH🇵🇱 Wersja polska

CVE-2023-4606

CVSS 8.1v3.1pub. 2023-10-25upd. 2024-11-21

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Lenovo Thinkagile Hx1331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2330 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3330 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3331 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3375

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3375 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3376

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3376 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5530

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5530 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5531

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5531 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7530

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7530 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7531

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7531 Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 F All Flash

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 F All Flash Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 H Hybrid

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3330 H Hybrid Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 F All Flash

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 F All Flash Firmware

    OS
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 H Hybrid

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx3331 H Hybrid Firmware

    OS
    Lenovo
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-4607HIGH7.5ten sam produkt

An authenticated XCC user can change permissions for any user through a crafted API command.

CVE-2023-0683HIGH8.3ten sam produkt

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...

CVE-2023-29057HIGH7.3ten sam produkt

A valid XCC user's local account permissions overrides their active directory permissions under specific confi...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...