Ami: Security Vulnerabilities
AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can access arbitrary files, which may
lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-12
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-04-18
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-15
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-02-15
AMI Megarac Weak password hashes for
Redfish & API
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-31
AMI Megarac Password reset interception via API
CVSS Score
8.3
EPSS Score
0.001
Published
2023-01-30
AMI MegaRAC User Enumeration Vulnerability
CVSS Score
7.5
EPSS Score
0.157
Published
2022-12-05
MegaRAC Default Credentials Vulnerability
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-05
MegaRAC Default Credentials Vulnerability
CVSS Score
8.3
EPSS Score
0.003
Published
2022-12-05
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x.
CVSS Score
8.2
EPSS Score
0.0
Published
2022-09-20