CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*
cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.2
References () https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory () https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory

20 Jun 2023, 16:30

Type Values Removed Values Added
First Time Ami
Ami megarac Sp-x
CPE cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-78
References (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - (MISC) https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf - Vendor Advisory

12 Jun 2023, 18:22

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-12 18:15

Updated : 2024-11-21 08:07


NVD link : CVE-2023-34334

Mitre link : CVE-2023-34334

CVE.ORG link : CVE-2023-34334


JSON object : View

Products Affected

ami

  • megarac_sp-x
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')