Vulnerabilities > Supermicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-35861 OS Command Injection vulnerability in Supermicro products
A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.
network
low complexity
supermicro CWE-78
critical
9.8
2019-09-21 CVE-2019-16650 Unspecified vulnerability in Supermicro products
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number.
network
low complexity
supermicro
critical
10.0
2019-09-21 CVE-2019-16649 Insufficiently Protected Credentials vulnerability in Supermicro products
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices.
network
low complexity
supermicro CWE-522
critical
10.0
2019-07-01 CVE-2019-13131 Missing Authentication for Critical Function vulnerability in Supermicro Superdoctor 5
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
network
low complexity
supermicro CWE-306
critical
9.8