Vulnerabilities > AMI > Megarac SP X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-12 | CVE-2023-34344 | Information Exposure Through Discrepancy vulnerability in AMI Megarac Sp-X AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. | 5.3 |
| 2023-06-12 | CVE-2023-34345 | Path Traversal vulnerability in AMI Megarac Sp-X AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | 6.5 |
| 2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 |
| 2023-02-15 | CVE-2023-25191 | Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. | 7.5 |
| 2023-02-15 | CVE-2023-25192 | Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow User Enumeration through Redfish. | 5.3 |
| 2023-01-30 | CVE-2022-26872 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13 AMI Megarac Password reset interception via API | 8.8 |
| 2022-12-05 | CVE-2022-2827 | Unspecified vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC User Enumeration Vulnerability | 7.5 |
| 2022-12-05 | CVE-2022-40242 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 MegaRAC Default Credentials Vulnerability | 9.8 |
| 2022-12-05 | CVE-2022-40259 | Improper Authentication vulnerability in AMI Megarac Sp-X 12/13 MegaRAC Default Credentials Vulnerability | 9.8 |