CVE-2023-4606

CVSS V2 None CVSS V3 None

Description

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Overview

CVE ID
CVE-2023-4606

Assigner
lenovo

Vulnerability Status
PUBLISHED

Published Version
2023-10-24T20:25:09.243Z

Last Modified Date
2023-10-24T20:25:09.243Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://support.lenovo.com/us/en/product_security/LEN-140960

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4606
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4606

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 19:18:34				Added to TrackCVE