CVE-2023-34345
https://notcve.org/view.php?id=CVE-2023-34345
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-34344 – A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username
https://notcve.org/view.php?id=CVE-2023-34344
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-203: Observable Discrepancy
CVE-2023-28863
https://notcve.org/view.php?id=CVE-2023-28863
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023003.pdf https://ami.com https://www.kb.cert.org/vuls/id/163057 • CWE-345: Insufficient Verification of Data Authenticity
CVE-2023-25191
https://notcve.org/view.php?id=CVE-2023-25191
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-522: Insufficiently Protected Credentials
CVE-2023-25192
https://notcve.org/view.php?id=CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-668: Exposure of Resource to Wrong Sphere