Vulnerability Details CVE-2024-22216
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.6%
CVSS Severity
CVSS v3 Score 10.0
References
- https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability
- https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability
Products affected by CVE-2024-22216
-
cpe:2.3:a:microchip:maxview_storage_manager:3.00.23484
-
cpe:2.3:a:microchip:maxview_storage_manager:3.07.23980
-
cpe:2.3:a:microchip:maxview_storage_manager:4.14.00.26064