Vulnerability CVE-2023-4608


Published: 2023-10-25

Description:
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. 

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://support.lenovo.com/us/en/product_security/LEN-140960

Copyright 2026, cxsecurity.com

 

Back to Top