Vulnerabilities > AMI > Megarac SP X > 13

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-34337 Inadequate Encryption Strength vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC).
network
low complexity
ami CWE-326
8.8
2023-07-05 CVE-2023-34338 Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate.
network
low complexity
ami CWE-798
critical
9.8
2023-07-05 CVE-2023-34471 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC).
network
low complexity
ami
8.1
2023-07-05 CVE-2023-34472 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers.
network
low complexity
ami
6.5
2023-07-05 CVE-2023-34473 Use of Hard-coded Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials.
network
low complexity
ami CWE-798
8.8
2023-04-18 CVE-2023-28863 Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
network
low complexity
ami CWE-345
critical
9.1
2023-02-15 CVE-2023-25191 Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow Password Disclosure through Redfish.
network
low complexity
ami CWE-522
7.5
2023-02-15 CVE-2023-25192 Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow User Enumeration through Redfish.
network
low complexity
ami CWE-668
5.3
2023-01-30 CVE-2022-26872 Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13
AMI Megarac Password reset interception via API
network
low complexity
ami CWE-640
8.8
2022-12-05 CVE-2022-2827 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC User Enumeration Vulnerability
network
low complexity
ami
7.5