Vulnerabilities > AMI > Megarac SP X > 13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-05 | CVE-2023-34337 | Inadequate Encryption Strength vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). | 8.8 |
2023-07-05 | CVE-2023-34338 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. | 9.8 |
2023-07-05 | CVE-2023-34471 | Unspecified vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). | 8.1 |
2023-07-05 | CVE-2023-34472 | Unspecified vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. | 6.5 |
2023-07-05 | CVE-2023-34473 | Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. | 8.8 |
2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 |
2023-02-15 | CVE-2023-25191 | Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. | 7.5 |
2023-02-15 | CVE-2023-25192 | Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow User Enumeration through Redfish. | 5.3 |
2023-01-30 | CVE-2022-26872 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13 AMI Megarac Password reset interception via API | 8.8 |
2022-12-05 | CVE-2022-2827 | Unspecified vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC User Enumeration Vulnerability | 7.5 |