7.2
CWE
89
Advisory Published
Updated

CVE-2023-4608: SQL Injection

First published: Tue Oct 24 2023(Updated: )

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
All of
Lenovo Thinkagile Hx5530 Firmware
Lenovo Thinkagile Hx5530
All of
Lenovo Thinkagile Hx7530 Firmware
Lenovo Thinkagile Hx7530
All of
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Vx3331
All of
Lenovo Thinkagile Hx1331 Firmware
Lenovo Thinkagile Hx1331
All of
Lenovo Thinkagile Hx2330 Firmware
Lenovo Thinkagile Hx2330
All of
Lenovo Thinkagile Hx2331 Firmware
Lenovo Thinkagile Hx2331
All of
Lenovo Thinkagile Hx3330 Firmware
Lenovo Thinkagile Hx3330
All of
Lenovo Thinkagile Hx3331 Firmware
Lenovo Thinkagile Hx3331
All of
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3375
All of
Lenovo Thinkagile Hx3376 Firmware
Lenovo Thinkagile Hx3376
All of
Lenovo Thinkagile Hx5531 Firmware
Lenovo Thinkagile Hx5531
All of
Lenovo Thinkagile Hx7531 Firmware
Lenovo Thinkagile Hx7531
All of
Lenovo Thinkagile Mx3330-f All-flash Firmware
Lenovo Thinkagile Mx3330-f All-flash
All of
Lenovo Thinkagile Mx3330-h Hybrid Firmware
Lenovo Thinkagile Mx3330-h Hybrid
All of
Lenovo Thinkagile Mx3331-f All-flash Firmware
Lenovo Thinkagile Mx3331-f All-flash
All of
Lenovo Thinkagile Mx3331-h Hybrid Firmware
Lenovo Thinkagile Mx3331-h Hybrid
All of
Lenovo Thinkagile Mx3530 F All Flash Firmware
Lenovo Thinkagile Mx3530 F All Flash
All of
Lenovo Thinkagile Mx3530-h Hybrid Firmware
Lenovo Thinkagile Mx3530-h Hybrid
All of
Lenovo Thinkagile Mx3531 H Hybrid Firmware
Lenovo Thinkagile Mx3531 H Hybrid
All of
Lenovo Thinkagile Mx3531-f All-flash Firmware
Lenovo Thinkagile Mx3531-f All-flash
All of
Lenovo Thinkagile Vx2330 Firmware
Lenovo Thinkagile Vx2330
All of
Lenovo Thinkagile Vx3330 Firmware
Lenovo Thinkagile Vx3330
All of
Lenovo Thinkagile Vx3530-g Firmware
Lenovo Thinkagile Vx3530-g
All of
Lenovo Thinkagile Vx5530 Firmware
Lenovo Thinkagile Vx5530
All of
Lenovo Thinkagile Vx7330 Firmware
Lenovo Thinkagile Vx7330
All of
Lenovo Thinkagile Vx7530 Firmware
Lenovo Thinkagile Vx7530
All of
Lenovo Thinkagile Vx7531 Firmware
Lenovo Thinkagile Vx7531
All of
Lenovo Thinksystem Sd630 V2 Firmware
Lenovo Thinksystem Sd630 V2
All of
Lenovo Thinksystem Sd650 V2 Firmware
Lenovo Thinksystem Sd650 V2
Lenovo Thinksystem Sd650 V3 Firmware
All of
Lenovo Thinksystem Sd650-n V2 Firmware
Lenovo Thinksystem Sd650-n V2
Lenovo Thinksystem Sd665 V3 Firmware
All of
Lenovo Thinksystem Sn550 V2 Firmware
Lenovo Thinksystem Sn550 V2
All of
Lenovo Thinksystem Sr250 Firmware
Lenovo Thinksystem Sr250 V2
All of
Lenovo Thinksystem Sr258 V2 Firmware
Lenovo Thinksystem Sr258 V2
All of
Lenovo Thinksystem Sr630 V2 Firmware
Lenovo Thinksystem Sr630 V2
Lenovo Thinksystem Sr630 V3 Firmware
Lenovo Thinksystem Sr635 V3 Firmware
All of
Lenovo Thinksystem Sr645 Firmware
Lenovo Thinksystem Sr645
All of
Lenovo Thinksystem Sr645 V3 Firmware
Lenovo Thinksystem Sr645 V3
All of
Lenovo Thinksystem Sr650 V2 Firmware
Lenovo Thinksystem Sr650 V2
Lenovo Thinksystem Sr650 V3 Firmware
Lenovo Thinksystem Sr655 V3 Firmware
All of
Lenovo Thinksystem Sr665 Firmware
Lenovo Thinksystem Sr665
Lenovo Thinksystem Sr665 V3 Firmware
All of
Lenovo Thinksystem Sr670 Firmware
Lenovo Thinksystem Sr670
All of
Lenovo Thinksystem Sr670 V2 Firmware
Lenovo Thinksystem Sr670 V2
Lenovo Thinksystem Sr675 V3 Firmware
All of
Lenovo Thinksystem Sr850 V2 Firmware
Lenovo Thinksystem Sr850 V2
Lenovo Thinksystem Sr850 V3 Firmware
All of
Lenovo Thinksystem Sr860 V2 Firmware
Lenovo Thinksystem Sr860 V2
Lenovo Thinksystem Sr860 V3 Firmware
All of
Lenovo Thinksystem St250 V2 Firmware
Lenovo Thinksystem St250 V2
All of
Lenovo Thinksystem St258 V2 Firmware
Lenovo Thinksystem St258 V2
All of
Lenovo Thinksystem St650 V2 Firmware
Lenovo Thinksystem St650 V2
Lenovo Thinksystem St650 V3 Firmware
All of
Lenovo Thinksystem St658 V2 Firmware
Lenovo Thinksystem St658 V2
Lenovo Thinksystem St658 V3 Firmware

Remedy

Upgrade to the product version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140960

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203