Количество 3
Количество 3
CVE-2024-38510
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
GHSA-9p3q-q3jf-q5p4
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
BDU:2025-00193
Уязвимость контроллера Lenovo XClarity Controller (XCC) для серверов Lenovo ThinkSystem, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольные команды
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-38510 A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | CVSS3: 7.2 | 1% Низкий | больше 1 года назад |
| GHSA-9p3q-q3jf-q5p4 A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | CVSS3: 7.2 | 1% Низкий | больше 1 года назад |
 | BDU:2025-00193 Уязвимость контроллера Lenovo XClarity Controller (XCC) для серверов Lenovo ThinkSystem, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольные команды | CVSS3: 7.2 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу