Vulnerabilities > Supermicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-02 | CVE-2013-3619 | Use of Hard-coded Credentials vulnerability in multiple products Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 8.1 |
| 2019-12-08 | CVE-2019-19642 | OS Command Injection vulnerability in Supermicro X8Sti-F Bios and X8Sti-F Firmware On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. | 8.8 |
| 2019-09-21 | CVE-2019-16650 | Unspecified vulnerability in Supermicro products On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. | 10.0 |
| 2019-09-21 | CVE-2019-16649 | Insufficiently Protected Credentials vulnerability in Supermicro products On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. | 10.0 |
| 2019-07-01 | CVE-2019-13131 | Missing Authentication for Critical Function vulnerability in Supermicro Superdoctor 5 Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE. | 9.8 |
| 2018-07-09 | CVE-2018-13787 | Unspecified vulnerability in Supermicro products Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. | 6.7 |