Vulnerabilities > AMI > Megarac SP X

DATE CVE VULNERABILITY TITLE RISK
2023-06-12 CVE-2023-34344 Information Exposure Through Discrepancy vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.
network
low complexity
ami CWE-203
5.3
2023-06-12 CVE-2023-34345 Path Traversal vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.
network
low complexity
ami CWE-22
6.5
2023-04-18 CVE-2023-28863 Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
network
low complexity
ami CWE-345
critical
9.1
2023-02-15 CVE-2023-25191 Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow Password Disclosure through Redfish.
network
low complexity
ami CWE-522
7.5
2023-02-15 CVE-2023-25192 Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow User Enumeration through Redfish.
network
low complexity
ami CWE-668
5.3
2023-01-30 CVE-2022-26872 Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13
AMI Megarac Password reset interception via API
network
low complexity
ami CWE-640
8.8
2022-12-05 CVE-2022-2827 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC User Enumeration Vulnerability
network
low complexity
ami
7.5
2022-12-05 CVE-2022-40242 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8
2022-12-05 CVE-2022-40259 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8