X7Spa HF

DATE	CVE	VULNERABILITY TITLE	RISK
2013-09-08	CVE-2013-3609	Improper Input Validation vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. network low complexity supermicro CWE-20 critical	10.0
2013-09-08	CVE-2013-3608	Improper Input Validation vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. network low complexity supermicro CWE-20 critical	10.0
2013-09-08	CVE-2013-3607	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Supermicro products Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. network low complexity supermicro CWE-119 critical	10.0