// For flags

CVE-2023-4608

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. 

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Un usuario de XCC autenticado con privilegios elevados puede realizar una inyección blind SQL en casos limitados a través de un comando API manipulado. Esto afecta a los servidores ThinkSystem v2 y v3 con XCC; Los servidores ThinkSystem v1 no se ven afectados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-08-29 CVE Reserved
  • 2023-10-24 CVE Published
  • 2024-09-11 CVE Updated
  • 2024-10-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lenovo
Search vendor "Lenovo"
Thinkagile Hx5530 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx5530 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx5530
Search vendor "Lenovo" for product "Thinkagile Hx5530"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx7530 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx7530
Search vendor "Lenovo" for product "Thinkagile Hx7530"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx3331 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx3331 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx3331
Search vendor "Lenovo" for product "Thinkagile Vx3331"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx1331 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx1331 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx1331
Search vendor "Lenovo" for product "Thinkagile Hx1331"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx2330 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx2330 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx2330
Search vendor "Lenovo" for product "Thinkagile Hx2330"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx2331 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx2331 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx2331
Search vendor "Lenovo" for product "Thinkagile Hx2331"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx3330 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx3330 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx3330
Search vendor "Lenovo" for product "Thinkagile Hx3330"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx3331 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx3331
Search vendor "Lenovo" for product "Thinkagile Hx3331"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx3331 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx3331
Search vendor "Lenovo" for product "Thinkagile Hx3331"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx3375 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx3375 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx3375
Search vendor "Lenovo" for product "Thinkagile Hx3375"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx3376 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx3376 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx3376
Search vendor "Lenovo" for product "Thinkagile Hx3376"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx5531 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx5531 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx5531
Search vendor "Lenovo" for product "Thinkagile Hx5531"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx7530 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx7530
Search vendor "Lenovo" for product "Thinkagile Hx7530"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx7531 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx7531
Search vendor "Lenovo" for product "Thinkagile Hx7531"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Hx7531 Firmware
Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Hx7531
Search vendor "Lenovo" for product "Thinkagile Hx7531"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3330-f All-flash Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3330-f All-flash
Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3330-h Hybrid Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3330-h Hybrid
Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3331-f All-flash Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3331-f All-flash
Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3331-h Hybrid Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3331-h Hybrid
Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3530 F All Flash Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3530 F All Flash
Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3530-h Hybrid Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3530-h Hybrid
Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3531 H Hybrid Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3531 H Hybrid
Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Mx3531-f All-flash Firmware
Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Mx3531-f All-flash
Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx2330 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx2330 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx2330
Search vendor "Lenovo" for product "Thinkagile Vx2330"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx3330 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx3330 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx3330
Search vendor "Lenovo" for product "Thinkagile Vx3330"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx3530-g Firmware
Search vendor "Lenovo" for product "Thinkagile Vx3530-g Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx3530-g
Search vendor "Lenovo" for product "Thinkagile Vx3530-g"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx5530 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx5530 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx5530
Search vendor "Lenovo" for product "Thinkagile Vx5530"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx7330 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx7330 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx7330
Search vendor "Lenovo" for product "Thinkagile Vx7330"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx7530 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx7530 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx7530
Search vendor "Lenovo" for product "Thinkagile Vx7530"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkagile Vx7531 Firmware
Search vendor "Lenovo" for product "Thinkagile Vx7531 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinkagile Vx7531
Search vendor "Lenovo" for product "Thinkagile Vx7531"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sd630 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sd630 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sd630 V2
Search vendor "Lenovo" for product "Thinksystem Sd630 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sd650 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sd650 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sd650 V2
Search vendor "Lenovo" for product "Thinksystem Sd650 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sd650-n V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sd650-n V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sd650-n V2
Search vendor "Lenovo" for product "Thinksystem Sd650-n V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sn550 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sn550 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sn550 V2
Search vendor "Lenovo" for product "Thinksystem Sn550 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr250 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr250 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr250 V2
Search vendor "Lenovo" for product "Thinksystem Sr250 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr258 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr258 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr258 V2
Search vendor "Lenovo" for product "Thinksystem Sr258 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr630 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr630 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr630 V2
Search vendor "Lenovo" for product "Thinksystem Sr630 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr645 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr645 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr645
Search vendor "Lenovo" for product "Thinksystem Sr645"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr645 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr645 V3 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr645 V3
Search vendor "Lenovo" for product "Thinksystem Sr645 V3"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr650 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr650 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr650 V2
Search vendor "Lenovo" for product "Thinksystem Sr650 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr665 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr665 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr665
Search vendor "Lenovo" for product "Thinksystem Sr665"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr670 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr670 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr670
Search vendor "Lenovo" for product "Thinksystem Sr670"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr670 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr670 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr670 V2
Search vendor "Lenovo" for product "Thinksystem Sr670 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr850 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr850 V2
Search vendor "Lenovo" for product "Thinksystem Sr850 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr850 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr850 V2
Search vendor "Lenovo" for product "Thinksystem Sr850 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr860 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr860 V2
Search vendor "Lenovo" for product "Thinksystem Sr860 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sr860 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem Sr860 V2
Search vendor "Lenovo" for product "Thinksystem Sr860 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem St250 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem St250 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem St250 V2
Search vendor "Lenovo" for product "Thinksystem St250 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem St258 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem St258 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem St258 V2
Search vendor "Lenovo" for product "Thinksystem St258 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem St650 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem St650 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem St650 V2
Search vendor "Lenovo" for product "Thinksystem St650 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem St658 V2 Firmware
Search vendor "Lenovo" for product "Thinksystem St658 V2 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Thinksystem St658 V2
Search vendor "Lenovo" for product "Thinksystem St658 V2"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinksystem Sd650 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sd650 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sd665 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sd665 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr630 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr630 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr635 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr635 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr650 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr650 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr655 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr655 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr665 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr665 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr675 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr675 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr850 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr850 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem Sr860 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem Sr860 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem St650 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem St650 V3 Firmware"
--
Affected
Lenovo
Search vendor "Lenovo"
Thinksystem St658 V3 Firmware
Search vendor "Lenovo" for product "Thinksystem St658 V3 Firmware"
--
Affected