Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34337 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 8.8 HIGH |
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
CVE-2023-34334 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 8.8 HIGH |
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||||
CVE-2023-34473 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 8.8 HIGH |
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | |||||
CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 9.8 CRITICAL |
MegaRAC Default Credentials Vulnerability | |||||
CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 7.5 HIGH |
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | |||||
CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 7.5 HIGH |
AMI MegaRAC User Enumeration Vulnerability | |||||
CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 9.8 CRITICAL |
MegaRAC Default Credentials Vulnerability | |||||
CVE-2022-26872 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 8.8 HIGH |
AMI Megarac Password reset interception via API | |||||
CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 5.3 MEDIUM |
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. |