Lenovo: >> Thinkagile Mx3531 H Hybrid Firmware Security Vulnerabilities
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-25
An authenticated XCC user can change permissions for any user through a crafted API command.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-25
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
4.1
EPSS Score
0.001
Published
2023-10-25
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-01-30