Lenovo Thinkagile Hx7530 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Lenovo Thinkagile Hx7530 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-0683 — CVSS 8.3 (high): A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVE-2023-4606 — CVSS 8.1 (high): An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects…
CVE-2023-4607 — CVSS 7.5 (high): An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2023-29057 — CVSS 7.3 (high): A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to…
CVE-2022-40137 — CVSS 6.7 (medium): A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute…
CVE-2023-29058 — CVSS 6.4 (medium): A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass…
CVE-2023-25492 — CVSS 6.3 (medium): A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a…
CVE-2023-29056 — CVSS 5.3 (medium): A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC…
CVE-2023-25495 — CVSS 4.9 (medium): A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to…
CVE-2022-40134 — CVSS 4.4 (medium): An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access…
CVE-2023-4608 — CVSS 4.1 (medium): An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This…