SQL Injection Vulnerability in ThinkSystem Servers by Lenovo
CVE-2023-4608
4.1MEDIUM
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 25 October 2023
What is CVE-2023-4608?
A blind SQL injection vulnerability exists in Lenovo ThinkSystem servers, affecting versions v2 and v3. This security flaw allows an authenticated XCC user with elevated privileges to execute a crafted API command resulting in unauthorized database access. It is crucial to mitigate this risk to protect sensitive data from potential exploitation.
Affected Version(s)
Lenovo XClarity Controller (XCC) various