CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in pcmt superMicro-CMS version 3.11 allows attackers to delete files via a crafted image file in images.php. • https://github.com/pcmt/superMicro-CMS/issues/1 •

CVSS: 9.8 • EPSS: 0% • CPEs: 332 • EXPL: 1

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. • https://blog.freax13.de/cve/cve-2023-35861 https://www.supermicro.com/en/products/motherboards https://www.supermicro.com/en/support/security_SMTP_Jun_2023 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 294 • EXPL: 0

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. • http://supermicro.com http://x11ssl-cf.com https://www.supermicro.com/en/support/security_VRM_Jan_2023 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 2.3 • EPSS: 0% • CPEs: 24 • EXPL: 0

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 https://www.supermicro.com/en/support/security/Trickbot • CWE-506: Embedded Malicious Code •

CVSS: 9.3 • EPSS: 0% • CPEs: 3 • EXPL: 4

The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. SuperMicro IPMI version 03.40 suffers from a cross-site request forgery vulnerability. • https://www.exploit-db.com/exploits/48652 https://www.exploit-db.com/exploits/48668 http://packetstormsecurity.com/files/158373/SuperMicro-IPMI-03.40-Cross-Site-Request-Forgery.html https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •