AMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can inject arbitrary shell commands,
which may lead to code execution, denial of service, information disclosure, or
data tampering.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory |
20 Jun 2023, 16:30
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ami
Ami megarac Sp-x |
|
CPE | cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-78 | |
References | (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory |
12 Jun 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 18:15
Updated : 2024-11-21 08:07
NVD link : CVE-2023-34334
Mitre link : CVE-2023-34334
CVE.ORG link : CVE-2023-34334
JSON object : View
Products Affected
ami
- megarac_sp-x
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')