Page 5 of 29 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-203: Observable Discrepancy •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023003.pdf https://ami.com https://www.kb.cert.org/vuls/id/163057 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-668: Exposure of Resource to Wrong Sphere •