CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34335
https://notcve.org/view.php?id=CVE-2023-34335
12 Jun 2023 — AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40258 – Weak password hashes for Redfish & API
https://notcve.org/view.php?id=CVE-2022-40258
31 Jan 2023 — AMI Megarac Weak password hashes for Redfish & API AMI Megarac Weak password hashes for Redfish & API • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023001.pdf • CWE-916: Use of Password Hash With Insufficient Computational Effort •