CVE-2023-28863
https://notcve.org/view.php?id=CVE-2023-28863
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023003.pdf https://ami.com https://www.kb.cert.org/vuls/id/163057 • CWE-345: Insufficient Verification of Data Authenticity
CVE-2023-25191
https://notcve.org/view.php?id=CVE-2023-25191
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-522: Insufficiently Protected Credentials
CVE-2023-25192
https://notcve.org/view.php?id=CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2022-40258 – Weak password hashes for Redfish & API
https://notcve.org/view.php?id=CVE-2022-40258
AMI MegaRAC weak password hashes for Redfish & API • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf https://security.netapp.com/advisory/ntap-20230731-0008 • CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2022-26872 – Password reset interception via API
https://notcve.org/view.php?id=CVE-2022-26872
AMI MegaRAC password reset interception via API • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf https://security.netapp.com/advisory/ntap-20230731-0008 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password