Vulnerabilities > AMI > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-34469 Unspecified vulnerability in AMI Aptio V
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network.
low complexity
ami
4.6
2023-07-05 CVE-2023-34472 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers.
network
low complexity
ami
6.5
2023-06-12 CVE-2023-34344 Information Exposure Through Discrepancy vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.
network
low complexity
ami CWE-203
5.3
2023-06-12 CVE-2023-34345 Path Traversal vulnerability in AMI Megarac Sp-X
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.
network
low complexity
ami CWE-22
6.5
2023-02-15 CVE-2023-25192 Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC SPX devices allow User Enumeration through Redfish.
network
low complexity
ami CWE-668
5.3
2023-01-31 CVE-2022-40258 Use of Password Hash With Insufficient Computational Effort vulnerability in AMI Megarac Spx-12 and Megarac Spx-13
AMI Megarac Weak password hashes for Redfish & API
network
low complexity
ami CWE-916
5.3