CVE-2023-4608
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Un usuario de XCC autenticado con privilegios elevados puede realizar una inyección blind SQL en casos limitados a través de un comando API manipulado. Esto afecta a los servidores ThinkSystem v2 y v3 con XCC; Los servidores ThinkSystem v1 no se ven afectados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-29 CVE Reserved
- 2023-10-24 CVE Published
- 2024-09-11 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-140960 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkagile Hx5530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx5530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5530 Search vendor "Lenovo" for product "Thinkagile Hx5530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Search vendor "Lenovo" for product "Thinkagile Hx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Vx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3331 Search vendor "Lenovo" for product "Thinkagile Vx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx1331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx1331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1331 Search vendor "Lenovo" for product "Thinkagile Hx1331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx2330 Firmware Search vendor "Lenovo" for product "Thinkagile Hx2330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2330 Search vendor "Lenovo" for product "Thinkagile Hx2330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx2331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx2331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2331 Search vendor "Lenovo" for product "Thinkagile Hx2331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3330 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3330 Search vendor "Lenovo" for product "Thinkagile Hx3330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Search vendor "Lenovo" for product "Thinkagile Hx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Search vendor "Lenovo" for product "Thinkagile Hx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3375 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3375 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3375 Search vendor "Lenovo" for product "Thinkagile Hx3375" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3376 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3376 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3376 Search vendor "Lenovo" for product "Thinkagile Hx3376" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx5531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx5531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5531 Search vendor "Lenovo" for product "Thinkagile Hx5531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Search vendor "Lenovo" for product "Thinkagile Hx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Search vendor "Lenovo" for product "Thinkagile Hx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Search vendor "Lenovo" for product "Thinkagile Hx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3530 F All Flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3530 F All Flash Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3530-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3530-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3531 H Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3531 H Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3531-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3531-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx2330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx2330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx2330 Search vendor "Lenovo" for product "Thinkagile Vx2330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx3330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3330 Search vendor "Lenovo" for product "Thinkagile Vx3330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3530-g Firmware Search vendor "Lenovo" for product "Thinkagile Vx3530-g Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3530-g Search vendor "Lenovo" for product "Thinkagile Vx3530-g" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx5530 Firmware Search vendor "Lenovo" for product "Thinkagile Vx5530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx5530 Search vendor "Lenovo" for product "Thinkagile Vx5530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7330 Search vendor "Lenovo" for product "Thinkagile Vx7330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7530 Search vendor "Lenovo" for product "Thinkagile Vx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7531 Search vendor "Lenovo" for product "Thinkagile Vx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd630 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd630 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd630 V2 Search vendor "Lenovo" for product "Thinksystem Sd630 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V2 Search vendor "Lenovo" for product "Thinksystem Sd650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650-n V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650-n V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd650-n V2 Search vendor "Lenovo" for product "Thinksystem Sd650-n V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sn550 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sn550 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sn550 V2 Search vendor "Lenovo" for product "Thinksystem Sn550 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr250 Firmware Search vendor "Lenovo" for product "Thinksystem Sr250 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr250 V2 Search vendor "Lenovo" for product "Thinksystem Sr250 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr258 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr258 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr258 V2 Search vendor "Lenovo" for product "Thinksystem Sr258 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr630 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V2 Search vendor "Lenovo" for product "Thinksystem Sr630 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr645 Firmware Search vendor "Lenovo" for product "Thinksystem Sr645 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr645 Search vendor "Lenovo" for product "Thinksystem Sr645" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr645 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr645 V3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr645 V3 Search vendor "Lenovo" for product "Thinksystem Sr645 V3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V2 Search vendor "Lenovo" for product "Thinksystem Sr650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr665 Firmware Search vendor "Lenovo" for product "Thinksystem Sr665 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr665 Search vendor "Lenovo" for product "Thinksystem Sr665" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr670 Firmware Search vendor "Lenovo" for product "Thinksystem Sr670 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr670 Search vendor "Lenovo" for product "Thinksystem Sr670" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr670 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr670 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr670 V2 Search vendor "Lenovo" for product "Thinksystem Sr670 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Search vendor "Lenovo" for product "Thinksystem Sr850 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Search vendor "Lenovo" for product "Thinksystem Sr850 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Search vendor "Lenovo" for product "Thinksystem Sr860 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Search vendor "Lenovo" for product "Thinksystem Sr860 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St250 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St250 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St250 V2 Search vendor "Lenovo" for product "Thinksystem St250 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St258 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St258 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St258 V2 Search vendor "Lenovo" for product "Thinksystem St258 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St650 V2 Search vendor "Lenovo" for product "Thinksystem St650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St658 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St658 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St658 V2 Search vendor "Lenovo" for product "Thinksystem St658 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sd665 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sd665 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr630 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr635 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr635 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr655 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr655 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr665 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr665 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr675 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr675 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem St650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem St650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem St658 V3 Firmware Search vendor "Lenovo" for product "Thinksystem St658 V3 Firmware" | - | - |
Affected
| ||||||