Thinkagile hx5530 firmware

This hub aggregates every CVE we track for Thinkagile hx5530 firmware, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Thinkagile hx5530 firmware.

• CVE-2023-4608An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSyste...4.1Oct 24, 2023
• CVE-2023-4607An authenticated XCC user can change permissions for any user through a crafted API command.7.5Oct 24, 2023
• CVE-2023-4606An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 ...8.1Oct 24, 2023
• CVE-2023-0683A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.8.3May 1, 2023
• CVE-2023-25492A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.6.3May 1, 2023
• CVE-2023-25495A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configuratio...4.9Apr 28, 2023
• CVE-2023-29056A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/A...5.3Apr 28, 2023
• CVE-2023-29057A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be co...7.3Apr 28, 2023
• CVE-2023-29058A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disa...6.4Apr 28, 2023
• CVE-2022-40137A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7Jan 30, 2023
• CVE-2022-40134An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.4.4Jan 30, 2023