Vulnerabilities > Lenovo > Thinkagile Mx3330 H Hybrid Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-4606 Missing Authorization vulnerability in Lenovo products
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
network
low complexity
lenovo CWE-862
8.1
2023-10-25 CVE-2023-4607 Unspecified vulnerability in Lenovo products
An authenticated XCC user can change permissions for any user through a crafted API command.
network
low complexity
lenovo
8.8
2023-10-25 CVE-2023-4608 Unspecified vulnerability in Lenovo products
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
network
low complexity
lenovo
7.2
2023-01-30 CVE-2022-40137 Classic Buffer Overflow vulnerability in Lenovo products
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo CWE-120
6.7