An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:25:49.416Z

Updated: 2024-09-11T20:38:29.704Z

Reserved: 2023-08-29T15:54:56.119Z

Link: CVE-2023-4608

cve-icon Vulnrichment

Updated: 2024-08-02T07:31:06.539Z

cve-icon NVD

Status : Modified

Published: 2023-10-25T18:17:41.670

Modified: 2024-11-21T08:35:32.260

Link: CVE-2023-4608

cve-icon Redhat

No data.