CVE-2023-4608: SQL Injection
First published: Tue Oct 24 2023(Updated: )
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Thinkagile Hx5530 Firmware | ||
| Lenovo Thinkagile Hx5530 | ||
| Lenovo Thinkagile Hx7530 Firmware | ||
| Lenovo Thinkagile Hx7530 | ||
| Lenovo Thinkagile Vx3331 Firmware | ||
| Lenovo Thinkagile Vx3331 | ||
| Lenovo Thinkagile Hx1331 Firmware | ||
| Lenovo Thinkagile Hx1331 | ||
| Lenovo Thinkagile Hx2330 Firmware | ||
| Lenovo Thinkagile Hx2330 | ||
| Lenovo Thinkagile Hx2331 Firmware | ||
| Lenovo Thinkagile Hx2331 | ||
| Lenovo Thinkagile Hx3330 Firmware | ||
| Lenovo Thinkagile Hx3330 | ||
| Lenovo Thinkagile Hx3331 Firmware | ||
| Lenovo Thinkagile Hx3331 | ||
| Lenovo Thinkagile Hx3375 Firmware | ||
| Lenovo Thinkagile Hx3375 | ||
| Lenovo Thinkagile Hx3376 Firmware | ||
| Lenovo Thinkagile Hx3376 | ||
| Lenovo Thinkagile Hx5531 Firmware | ||
| Lenovo Thinkagile Hx5531 | ||
| Lenovo Thinkagile Hx7531 Firmware | ||
| Lenovo Thinkagile Hx7531 | ||
| Lenovo Thinkagile Mx3330-f All-flash Firmware | ||
| Lenovo Thinkagile Mx3330-f All-flash | ||
| Lenovo Thinkagile Mx3330-h Hybrid Firmware | ||
| Lenovo Thinkagile Mx3330-h Hybrid | ||
| Lenovo Thinkagile Mx3331-f All-flash Firmware | ||
| Lenovo Thinkagile Mx3331-f All-flash | ||
| Lenovo Thinkagile Mx3331-h Hybrid Firmware | ||
| Lenovo Thinkagile Mx3331-h Hybrid | ||
| Lenovo Thinkagile Mx3530 F All Flash Firmware | ||
| Lenovo Thinkagile Mx3530 F All Flash | ||
| Lenovo Thinkagile Mx3530-h Hybrid Firmware | ||
| Lenovo Thinkagile Mx3530-h Hybrid | ||
| Lenovo Thinkagile Mx3531 H Hybrid Firmware | ||
| Lenovo Thinkagile Mx3531 H Hybrid | ||
| Lenovo Thinkagile Mx3531-f All-flash Firmware | ||
| Lenovo Thinkagile Mx3531-f All-flash | ||
| Lenovo Thinkagile Vx2330 Firmware | ||
| Lenovo Thinkagile Vx2330 | ||
| Lenovo Thinkagile Vx3330 Firmware | ||
| Lenovo Thinkagile Vx3330 | ||
| Lenovo Thinkagile Vx3530-g Firmware | ||
| Lenovo Thinkagile Vx3530-g | ||
| Lenovo Thinkagile Vx5530 Firmware | ||
| Lenovo Thinkagile Vx5530 | ||
| Lenovo Thinkagile Vx7330 Firmware | ||
| Lenovo Thinkagile Vx7330 | ||
| Lenovo Thinkagile Vx7530 Firmware | ||
| Lenovo Thinkagile Vx7530 | ||
| Lenovo Thinkagile Vx7531 Firmware | ||
| Lenovo Thinkagile Vx7531 | ||
| Lenovo Thinksystem Sd630 V2 Firmware | ||
| Lenovo Thinksystem Sd630 V2 | ||
| Lenovo Thinksystem Sd650 V2 Firmware | ||
| Lenovo Thinksystem Sd650 V2 | ||
| Lenovo Thinksystem Sd650 V3 Firmware | ||
| Lenovo Thinksystem Sd650-n V2 Firmware | ||
| Lenovo Thinksystem Sd650-n V2 | ||
| Lenovo Thinksystem Sd665 V3 Firmware | ||
| Lenovo Thinksystem Sn550 V2 Firmware | ||
| Lenovo Thinksystem Sn550 V2 | ||
| Lenovo Thinksystem Sr250 Firmware | ||
| Lenovo Thinksystem Sr250 V2 | ||
| Lenovo Thinksystem Sr258 V2 Firmware | ||
| Lenovo Thinksystem Sr258 V2 | ||
| Lenovo Thinksystem Sr630 V2 Firmware | ||
| Lenovo Thinksystem Sr630 V2 | ||
| Lenovo Thinksystem Sr630 V3 Firmware | ||
| Lenovo Thinksystem Sr635 V3 Firmware | ||
| Lenovo Thinksystem Sr645 Firmware | ||
| Lenovo Thinksystem Sr645 | ||
| Lenovo Thinksystem Sr645 V3 Firmware | ||
| Lenovo Thinksystem Sr645 V3 | ||
| Lenovo Thinksystem Sr650 V2 Firmware | ||
| Lenovo Thinksystem Sr650 V2 | ||
| Lenovo Thinksystem Sr650 V3 Firmware | ||
| Lenovo Thinksystem Sr655 V3 Firmware | ||
| Lenovo Thinksystem Sr665 Firmware | ||
| Lenovo Thinksystem Sr665 | ||
| Lenovo Thinksystem Sr665 V3 Firmware | ||
| Lenovo Thinksystem Sr670 Firmware | ||
| Lenovo Thinksystem Sr670 | ||
| Lenovo Thinksystem Sr670 V2 Firmware | ||
| Lenovo Thinksystem Sr670 V2 | ||
| Lenovo Thinksystem Sr675 V3 Firmware | ||
| Lenovo Thinksystem Sr850 V2 Firmware | ||
| Lenovo Thinksystem Sr850 V2 | ||
| Lenovo Thinksystem Sr850 V3 Firmware | ||
| Lenovo Thinksystem Sr860 V2 Firmware | ||
| Lenovo Thinksystem Sr860 V2 | ||
| Lenovo Thinksystem Sr860 V3 Firmware | ||
| Lenovo Thinksystem St250 V2 Firmware | ||
| Lenovo Thinksystem St250 V2 | ||
| Lenovo Thinksystem St258 V2 Firmware | ||
| Lenovo Thinksystem St258 V2 | ||
| Lenovo Thinksystem St650 V2 Firmware | ||
| Lenovo Thinksystem St650 V2 | ||
| Lenovo Thinksystem St650 V3 Firmware | ||
| Lenovo Thinksystem St658 V2 Firmware | ||
| Lenovo Thinksystem St658 V2 | ||
| Lenovo Thinksystem St658 V3 Firmware |
Remedy
Upgrade to the product version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140960
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo thinkagile hx5530 firmware
- canonical/lenovo thinkagile hx5530
- canonical/lenovo thinkagile hx7530 firmware
- canonical/lenovo thinkagile hx7530
- canonical/lenovo thinkagile vx3331 firmware
- canonical/lenovo thinkagile vx3331
- canonical/lenovo thinkagile hx1331 firmware
- canonical/lenovo thinkagile hx1331
- canonical/lenovo thinkagile hx2330 firmware
- canonical/lenovo thinkagile hx2330
- canonical/lenovo thinkagile hx2331 firmware
- canonical/lenovo thinkagile hx2331
- canonical/lenovo thinkagile hx3330 firmware
- canonical/lenovo thinkagile hx3330
- canonical/lenovo thinkagile hx3331 firmware
- canonical/lenovo thinkagile hx3331
- canonical/lenovo thinkagile hx3375 firmware
- canonical/lenovo thinkagile hx3375
- canonical/lenovo thinkagile hx3376 firmware
- canonical/lenovo thinkagile hx3376
- canonical/lenovo thinkagile hx5531 firmware
- canonical/lenovo thinkagile hx5531
- canonical/lenovo thinkagile hx7531 firmware
- canonical/lenovo thinkagile hx7531
- canonical/lenovo thinkagile mx3330-f all-flash firmware
- canonical/lenovo thinkagile mx3330-f all-flash
- canonical/lenovo thinkagile mx3330-h hybrid firmware
- canonical/lenovo thinkagile mx3330-h hybrid
- canonical/lenovo thinkagile mx3331-f all-flash firmware
- canonical/lenovo thinkagile mx3331-f all-flash
- canonical/lenovo thinkagile mx3331-h hybrid firmware
- canonical/lenovo thinkagile mx3331-h hybrid
- canonical/lenovo thinkagile mx3530 f all flash firmware
- canonical/lenovo thinkagile mx3530 f all flash
- canonical/lenovo thinkagile mx3530-h hybrid firmware
- canonical/lenovo thinkagile mx3530-h hybrid
- canonical/lenovo thinkagile mx3531 h hybrid firmware
- canonical/lenovo thinkagile mx3531 h hybrid
- canonical/lenovo thinkagile mx3531-f all-flash firmware
- canonical/lenovo thinkagile mx3531-f all-flash
- canonical/lenovo thinkagile vx2330 firmware
- canonical/lenovo thinkagile vx2330
- canonical/lenovo thinkagile vx3330 firmware
- canonical/lenovo thinkagile vx3330
- canonical/lenovo thinkagile vx3530-g firmware
- canonical/lenovo thinkagile vx3530-g
- canonical/lenovo thinkagile vx5530 firmware
- canonical/lenovo thinkagile vx5530
- canonical/lenovo thinkagile vx7330 firmware
- canonical/lenovo thinkagile vx7330
- canonical/lenovo thinkagile vx7530 firmware
- canonical/lenovo thinkagile vx7530
- canonical/lenovo thinkagile vx7531 firmware
- canonical/lenovo thinkagile vx7531
- canonical/lenovo thinksystem sd630 v2 firmware
- canonical/lenovo thinksystem sd630 v2
- canonical/lenovo thinksystem sd650 v2 firmware
- canonical/lenovo thinksystem sd650 v2
- canonical/lenovo thinksystem sd650 v3 firmware
- canonical/lenovo thinksystem sd650-n v2 firmware
- canonical/lenovo thinksystem sd650-n v2
- canonical/lenovo thinksystem sd665 v3 firmware
- canonical/lenovo thinksystem sn550 v2 firmware
- canonical/lenovo thinksystem sn550 v2
- canonical/lenovo thinksystem sr250 firmware
- canonical/lenovo thinksystem sr250 v2
- canonical/lenovo thinksystem sr258 v2 firmware
- canonical/lenovo thinksystem sr258 v2
- canonical/lenovo thinksystem sr630 v2 firmware
- canonical/lenovo thinksystem sr630 v2
- canonical/lenovo thinksystem sr630 v3 firmware
- canonical/lenovo thinksystem sr635 v3 firmware
- canonical/lenovo thinksystem sr645 firmware
- canonical/lenovo thinksystem sr645
- canonical/lenovo thinksystem sr645 v3 firmware
- canonical/lenovo thinksystem sr645 v3
- canonical/lenovo thinksystem sr650 v2 firmware
- canonical/lenovo thinksystem sr650 v2
- canonical/lenovo thinksystem sr650 v3 firmware
- canonical/lenovo thinksystem sr655 v3 firmware
- canonical/lenovo thinksystem sr665 firmware
- canonical/lenovo thinksystem sr665
- canonical/lenovo thinksystem sr665 v3 firmware
- canonical/lenovo thinksystem sr670 firmware
- canonical/lenovo thinksystem sr670
- canonical/lenovo thinksystem sr670 v2 firmware
- canonical/lenovo thinksystem sr670 v2
- canonical/lenovo thinksystem sr675 v3 firmware
- canonical/lenovo thinksystem sr850 v2 firmware
- canonical/lenovo thinksystem sr850 v2
- canonical/lenovo thinksystem sr850 v3 firmware
- canonical/lenovo thinksystem sr860 v2 firmware
- canonical/lenovo thinksystem sr860 v2
- canonical/lenovo thinksystem sr860 v3 firmware
- canonical/lenovo thinksystem st250 v2 firmware
- canonical/lenovo thinksystem st250 v2
- canonical/lenovo thinksystem st258 v2 firmware
- canonical/lenovo thinksystem st258 v2
- canonical/lenovo thinksystem st650 v2 firmware
- canonical/lenovo thinksystem st650 v2
- canonical/lenovo thinksystem st650 v3 firmware
- canonical/lenovo thinksystem st658 v2 firmware
- canonical/lenovo thinksystem st658 v2
- canonical/lenovo thinksystem st658 v3 firmware