Product: Thinksystem_sr645_v3_firmware (Lenovo)

Repositories: Unknown. This might be proprietary software.

Number of vulnerabilities: 9
Date Id Summary Products Score Patch Annotated
2023-10-25 CVE-2023-4607 An authenticated XCC user can change permissions for any user through a crafted API command. Thinkagile_hx1021_edg_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_all\-Flash_firmware, Thinkagile_mx3330\-H_hybrid_firmware, Thinkagile_mx3331\-F_all\-Flash_firmware, Thinkagile_mx3331\-H_hybrid_firmware, Thinkagile_mx3530\-H_hybrid_firmware, Thinkagile_mx3530_f_all_flash_firmware, Thinkagile_mx3531\-F_all\-Flash_firmware, Thinkagile_mx3531_h_hybrid_firmware, Thinkagile_mx630_v3_firmware, Thinkagile_mx630_v3_intergrated_system_firmware, Thinkagile_mx650_v3_firmware, Thinkagile_mx650_v3_intergrated_system_firmware, Thinkagile_mx_edge\-_mx1020__firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, 
Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_dual_node_tray_firmware, Thinksystem_sd650_dwc_dual_node_tray_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_sd650_v3_firmware, Thinksystem_sd665_v3_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr630_v3_firmware, Thinksystem_sr635_v3_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr650_v3_firmware, Thinksystem_sr655_v3_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr675_v3_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850_v3_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr860_v3_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st650_v3_firmware, Thinksystem_st658_v2_firmware, Thinksystem_st658_v3_firmware 8.8
2023-10-25 CVE-2023-4606 An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. Thinkagile_hx1331_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_mx3330\-F_all\-Flash_firmware, Thinkagile_mx3330\-H_hybrid_firmware, Thinkagile_mx3331\-F_all\-Flash_firmware, Thinkagile_mx3331\-H_hybrid_firmware, Thinkagile_mx3530\-H_hybrid_firmware, Thinkagile_mx3530_f_all_flash_firmware, Thinkagile_mx3531\-F_all\-Flash_firmware, Thinkagile_mx3531_h_hybrid_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_sd650_v3_firmware, Thinksystem_sd665_v3_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sr250_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr630_v3_firmware, Thinksystem_sr635_v3_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr650_v3_firmware, Thinksystem_sr655_v3_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr675_v3_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850_v3_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr860_v3_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st650_v3_firmware, 
Thinksystem_st658_v2_firmware, Thinksystem_st658_v3_firmware 8.1
2023-10-25 CVE-2023-4608 An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. Thinkagile_hx1331_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_mx3330\-F_all\-Flash_firmware, Thinkagile_mx3330\-H_hybrid_firmware, Thinkagile_mx3331\-F_all\-Flash_firmware, Thinkagile_mx3331\-H_hybrid_firmware, Thinkagile_mx3530\-H_hybrid_firmware, Thinkagile_mx3530_f_all_flash_firmware, Thinkagile_mx3531\-F_all\-Flash_firmware, Thinkagile_mx3531_h_hybrid_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_sd650_v3_firmware, Thinksystem_sd665_v3_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sr250_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr630_v3_firmware, Thinksystem_sr635_v3_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr650_v3_firmware, Thinksystem_sr655_v3_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr675_v3_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850_v3_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr860_v3_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st650_v3_firmware, 
Thinksystem_st658_v2_firmware, Thinksystem_st658_v3_firmware 7.2
2023-04-28 CVE-2023-29057 A valid XCC user's local account permissions override their Active Directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, 
Thinkagile_vx7520_firmware, Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 8.8
2023-05-01 CVE-2023-0683 A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, 
Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 8.8
2023-05-01 CVE-2023-25492 A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, 
Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 8.8
2023-04-28 CVE-2023-25495 A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, 
Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 4.9
2023-04-28 CVE-2023-29056 A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, 
Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 5.9
2023-04-28 CVE-2023-29058 A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. Thinkagile_hx1021_firmware, Thinkagile_hx1320_firmware, Thinkagile_hx1321_firmware, Thinkagile_hx1331_firmware, Thinkagile_hx1520\-R_firmware, Thinkagile_hx1521\-R_firmware, Thinkagile_hx2320\-E_firmware, Thinkagile_hx2321_firmware, Thinkagile_hx2330_firmware, Thinkagile_hx2331_firmware, Thinkagile_hx2720\-E_firmware, Thinkagile_hx3320_firmware, Thinkagile_hx3321_firmware, Thinkagile_hx3330_firmware, Thinkagile_hx3331_firmware, Thinkagile_hx3375_firmware, Thinkagile_hx3376_firmware, Thinkagile_hx3520\-G_firmware, Thinkagile_hx3521\-G_firmware, Thinkagile_hx3720_firmware, Thinkagile_hx3721_firmware, Thinkagile_hx5520\-C_firmware, Thinkagile_hx5520_firmware, Thinkagile_hx5521\-C_firmware, Thinkagile_hx5521_firmware, Thinkagile_hx5530_firmware, Thinkagile_hx5531_firmware, Thinkagile_hx7520_firmware, Thinkagile_hx7521_firmware, Thinkagile_hx7530_firmware, Thinkagile_hx7531_firmware, Thinkagile_hx7820_firmware, Thinkagile_hx7821_firmware, Thinkagile_hx_enclosure_firmware, Thinkagile_mx1020_firmware, Thinkagile_mx1021_on_se350_firmware, Thinkagile_mx3330\-F_firmware, Thinkagile_mx3330\-H_firmware, Thinkagile_mx3331\-F_firmware, Thinkagile_mx3331\-H_firmware, Thinkagile_mx3530\-H_firmware, Thinkagile_mx3530_f_firmware, Thinkagile_mx3531\-F_firmware, Thinkagile_mx3531_h_firmware, Thinkagile_vx1320_firmware, Thinkagile_vx2320_firmware, Thinkagile_vx2330_firmware, Thinkagile_vx3320_firmware, Thinkagile_vx3330_firmware, Thinkagile_vx3331_firmware, Thinkagile_vx3520\-G_firmware, Thinkagile_vx3530\-G_firmware, Thinkagile_vx3720_firmware, Thinkagile_vx5520_firmware, Thinkagile_vx5530_firmware, Thinkagile_vx7320_n_firmware, Thinkagile_vx7330_firmware, Thinkagile_vx7520_firmware, 
Thinkagile_vx7520_n_firmware, Thinkagile_vx7530_firmware, Thinkagile_vx7531_firmware, Thinkagile_vx7820_firmware, Thinkagile_vx_1se_firmware, Thinkagile_vx_2u4n_firmware, Thinkagile_vx_4u_firmware, Thinkedge_se450__firmware, Thinkstation_p920_firmware, Thinksystem_sd530_firmware, Thinksystem_sd630_v2_firmware, Thinksystem_sd650\-N_v2_firmware, Thinksystem_sd650_firmware, Thinksystem_sd650_v2_firmware, Thinksystem_se350_firmware, Thinksystem_sn550_firmware, Thinksystem_sn550_v2_firmware, Thinksystem_sn850_firmware, Thinksystem_sr150_firmware, Thinksystem_sr158_firmware, Thinksystem_sr250_firmware, Thinksystem_sr250_v2_firmware, Thinksystem_sr258_firmware, Thinksystem_sr258_v2_firmware, Thinksystem_sr530_firmware, Thinksystem_sr550_firmware, Thinksystem_sr570_firmware, Thinksystem_sr590_firmware, Thinksystem_sr630_firmware, Thinksystem_sr630_v2_firmware, Thinksystem_sr645_firmware, Thinksystem_sr645_v3_firmware, Thinksystem_sr650_firmware, Thinksystem_sr650_v2_firmware, Thinksystem_sr665_firmware, Thinksystem_sr665_v3_firmware, Thinksystem_sr670_firmware, Thinksystem_sr670_v2_firmware, Thinksystem_sr850_firmware, Thinksystem_sr850_v2_firmware, Thinksystem_sr850p_firmware, Thinksystem_sr860_firmware, Thinksystem_sr860_v2_firmware, Thinksystem_sr950_firmware, Thinksystem_st250_firmware, Thinksystem_st250_v2_firmware, Thinksystem_st258_firmware, Thinksystem_st258_v2_firmware, Thinksystem_st550_firmware, Thinksystem_st650_v2_firmware, Thinksystem_st658_v2_firmware 6.5