An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:25:09.243Z

Updated: 2024-09-11T18:24:50.644Z

Reserved: 2023-08-29T15:54:54.303Z

Link: CVE-2023-4606

cve-icon Vulnrichment

Updated: 2024-08-02T07:31:06.613Z

cve-icon NVD

Status : Modified

Published: 2023-10-25T18:17:41.487

Modified: 2024-11-21T08:35:31.833

Link: CVE-2023-4606

cve-icon Redhat

No data.