CVE-2023-4606

 

  • Severity Score (CVSS v3.1): 8.1
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): Track

Descriptions

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.  

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-08-29 CVE Reserved
  • 2023-10-24 CVE Published
  • 2024-09-11 CVE Updated
  • 2024-10-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
References (1)
Affected Vendors, Products, and Versions
  • Lenovo Thinkagile Hx5530 Firmware (version --): Affected, in Lenovo Thinkagile Hx5530 (version --): Safe
  • Lenovo Thinkagile Hx7530 Firmware (version --): Affected, in Lenovo Thinkagile Hx7530 (version --): Safe
  • Lenovo Thinkagile Vx3331 Firmware (version --): Affected, in Lenovo Thinkagile Vx3331 (version --): Safe
  • Lenovo Thinkagile Hx1331 Firmware (version --): Affected, in Lenovo Thinkagile Hx1331 (version --): Safe
  • Lenovo Thinkagile Hx2330 Firmware (version --): Affected, in Lenovo Thinkagile Hx2330 (version --): Safe
  • Lenovo Thinkagile Hx2331 Firmware (version --): Affected, in Lenovo Thinkagile Hx2331 (version --): Safe
  • Lenovo Thinkagile Hx3330 Firmware (version --): Affected, in Lenovo Thinkagile Hx3330 (version --): Safe
  • Lenovo Thinkagile Hx3331 Firmware (version --): Affected, in Lenovo Thinkagile Hx3331 (version --): Safe
  • Lenovo Thinkagile Hx3375 Firmware (version --): Affected, in Lenovo Thinkagile Hx3375 (version --): Safe
  • Lenovo Thinkagile Hx3376 Firmware (version --): Affected, in Lenovo Thinkagile Hx3376 (version --): Safe
  • Lenovo Thinkagile Hx5531 Firmware (version --): Affected, in Lenovo Thinkagile Hx5531 (version --): Safe
  • Lenovo Thinkagile Hx7531 Firmware (version --): Affected, in Lenovo Thinkagile Hx7531 (version --): Safe
  • Lenovo Thinkagile Mx3330-f All-flash Firmware (version --): Affected, in Lenovo Thinkagile Mx3330-f All-flash (version --): Safe
  • Lenovo Thinkagile Mx3330-h Hybrid Firmware (version --): Affected, in Lenovo Thinkagile Mx3330-h Hybrid (version --): Safe
  • Lenovo Thinkagile Mx3331-f All-flash Firmware (version --): Affected, in Lenovo Thinkagile Mx3331-f All-flash (version --): Safe
  • Lenovo Thinkagile Mx3331-h Hybrid Firmware (version --): Affected, in Lenovo Thinkagile Mx3331-h Hybrid (version --): Safe
  • Lenovo Thinkagile Mx3530 F All Flash Firmware (version --): Affected, in Lenovo Thinkagile Mx3530 F All Flash (version --): Safe
  • Lenovo Thinkagile Mx3530-h Hybrid Firmware (version --): Affected, in Lenovo Thinkagile Mx3530-h Hybrid (version --): Safe
  • Lenovo Thinkagile Mx3531 H Hybrid Firmware (version --): Affected, in Lenovo Thinkagile Mx3531 H Hybrid (version --): Safe
  • Lenovo Thinkagile Mx3531-f All-flash Firmware (version --): Affected, in Lenovo Thinkagile Mx3531-f All-flash (version --): Safe
  • Lenovo Thinkagile Vx2330 Firmware (version --): Affected, in Lenovo Thinkagile Vx2330 (version --): Safe
  • Lenovo Thinkagile Vx3330 Firmware (version --): Affected, in Lenovo Thinkagile Vx3330 (version --): Safe
  • Lenovo Thinkagile Vx3530-g Firmware (version --): Affected, in Lenovo Thinkagile Vx3530-g (version --): Safe
  • Lenovo Thinkagile Vx5530 Firmware (version --): Affected, in Lenovo Thinkagile Vx5530 (version --): Safe
  • Lenovo Thinkagile Vx7330 Firmware (version --): Affected, in Lenovo Thinkagile Vx7330 (version --): Safe
  • Lenovo Thinkagile Vx7530 Firmware (version --): Affected, in Lenovo Thinkagile Vx7530 (version --): Safe
  • Lenovo Thinkagile Vx7531 Firmware (version --): Affected, in Lenovo Thinkagile Vx7531 (version --): Safe
  • Lenovo Thinksystem Sd630 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sd630 V2 (version --): Safe
  • Lenovo Thinksystem Sd650 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sd650 V2 (version --): Safe
  • Lenovo Thinksystem Sd650-n V2 Firmware (version --): Affected, in Lenovo Thinksystem Sd650-n V2 (version --): Safe
  • Lenovo Thinksystem Sn550 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sn550 V2 (version --): Safe
  • Lenovo Thinksystem Sr250 Firmware (version --): Affected, in Lenovo Thinksystem Sr250 V2 (version --): Safe
  • Lenovo Thinksystem Sr258 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr258 V2 (version --): Safe
  • Lenovo Thinksystem Sr630 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr630 V2 (version --): Safe
  • Lenovo Thinksystem Sr645 Firmware (version --): Affected, in Lenovo Thinksystem Sr645 (version --): Safe
  • Lenovo Thinksystem Sr645 V3 Firmware (version --): Affected, in Lenovo Thinksystem Sr645 V3 (version --): Safe
  • Lenovo Thinksystem Sr650 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr650 V2 (version --): Safe
  • Lenovo Thinksystem Sr665 Firmware (version --): Affected, in Lenovo Thinksystem Sr665 (version --): Safe
  • Lenovo Thinksystem Sr670 Firmware (version --): Affected, in Lenovo Thinksystem Sr670 (version --): Safe
  • Lenovo Thinksystem Sr670 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr670 V2 (version --): Safe
  • Lenovo Thinksystem Sr850 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr850 V2 (version --): Safe
  • Lenovo Thinksystem Sr860 V2 Firmware (version --): Affected, in Lenovo Thinksystem Sr860 V2 (version --): Safe
  • Lenovo Thinksystem St250 V2 Firmware (version --): Affected, in Lenovo Thinksystem St250 V2 (version --): Safe
  • Lenovo Thinksystem St258 V2 Firmware (version --): Affected, in Lenovo Thinksystem St258 V2 (version --): Safe
  • Lenovo Thinksystem St650 V2 Firmware (version --): Affected, in Lenovo Thinksystem St650 V2 (version --): Safe
  • Lenovo Thinksystem St658 V2 Firmware (version --): Affected, in Lenovo Thinksystem St658 V2 (version --): Safe
  • Lenovo Thinksystem Sd650 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sd665 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr630 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr635 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr650 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr655 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr665 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr675 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr850 V3 Firmware (version --): Affected
  • Lenovo Thinksystem Sr860 V3 Firmware (version --): Affected
  • Lenovo Thinksystem St650 V3 Firmware (version --): Affected
  • Lenovo Thinksystem St658 V3 Firmware (version --): Affected