
CVE-2024-54085 – Redfish Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-54085
11 Mar 2025 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. • https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf • CWE-290: Authentication Bypass by Spoofing

CVE-2023-34335
https://notcve.org/view.php?id=CVE-2023-34335
12 Jun 2023 — AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-288: Authentication Bypass Using an Alternate Path or Channel • CWE-306: Missing Authentication for Critical Function

CVE-2022-40258 – Weak password hashes for Redfish & API
https://notcve.org/view.php?id=CVE-2022-40258
31 Jan 2023 — AMI Megarac Weak password hashes for Redfish & API • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf • CWE-916: Use of Password Hash With Insufficient Computational Effort