Thinkagile hx enclosure firmware

This hub aggregates every CVE we track for Thinkagile hx enclosure firmware, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Thinkagile hx enclosure firmware.

• CVE-2024-2659 A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administr...7.2Apr 15, 2024
• CVE-2023-4607An authenticated XCC user can change permissions for any user through a crafted API command.7.5Oct 24, 2023
• CVE-2023-0683A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.8.3May 1, 2023
• CVE-2023-25492A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.6.3May 1, 2023
• CVE-2023-25495A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configuratio...4.9Apr 28, 2023
• CVE-2023-29056A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/A...5.3Apr 28, 2023
• CVE-2023-29057A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be co...7.3Apr 28, 2023
• CVE-2023-29058A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disa...6.4Apr 28, 2023