Vulnerabilities > Supermicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-07 CVE-2022-43309 Incorrect Permission Assignment for Critical Resource vulnerability in Supermicro products
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
local
low complexity
supermicro CWE-732
5.5
2020-01-23 CVE-2013-6785 Path Traversal vulnerability in Supermicro Intelligent Platform Management Interface
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
network
low complexity
supermicro CWE-22
4.0
2020-01-02 CVE-2013-3620 Insufficiently Protected Credentials vulnerability in multiple products
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.
network
low complexity
supermicro citrix CWE-522
5.0
2020-01-02 CVE-2013-3619 Use of Hard-coded Credentials vulnerability in multiple products
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.
4.3
2019-09-21 CVE-2019-16649 Improper Authentication vulnerability in Supermicro products
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices.
network
low complexity
supermicro CWE-287
5.0