CVSS score: 7.2
CWE: 89 (SQL Injection)

CVE-2023-4608: SQL Injection

First published: Tue Oct 24 2023

An authenticated XCC (XClarity Controller) user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Credit: psirt@lenovo.com

Affected Software (affected version and how to fix: see Remedy below)

  • All of: Lenovo ThinkAgile HX5530 Firmware; Lenovo ThinkAgile HX5530 Firmware
  • All of: Lenovo ThinkAgile HX7530 Firmware; Lenovo ThinkAgile HX7530 Firmware
  • All of: Lenovo ThinkAgile VX3331 Firmware; Lenovo ThinkAgile VX3331 Firmware
  • All of: Lenovo ThinkAgile HX1331 Firmware; Lenovo ThinkAgile HX1331 Firmware
  • All of: Lenovo ThinkAgile HX2330 Firmware; Lenovo ThinkAgile HX2330 Firmware
  • All of: Lenovo ThinkAgile HX2331 Firmware; Lenovo ThinkAgile HX2331 Firmware
  • All of: Lenovo ThinkAgile HX3331 Firmware; Lenovo ThinkAgile HX3330 Firmware
  • All of: Lenovo ThinkAgile HX3331 Firmware; Lenovo ThinkAgile HX3331 Firmware
  • All of: Lenovo ThinkAgile HX3375; Lenovo ThinkAgile HX3375
  • All of: Lenovo ThinkAgile HX3376 Firmware; Lenovo ThinkAgile HX3376 Firmware
  • All of: Lenovo ThinkAgile HX5531 Firmware; Lenovo ThinkAgile HX5531 Firmware
  • All of: Lenovo ThinkAgile HX7531 Firmware; Lenovo ThinkAgile HX7531 Firmware
  • All of: Lenovo ThinkAgile MX Certified Node - All Flash Firmware; Lenovo ThinkAgile MX - All Flash
  • All of: Lenovo ThinkAgile MX3330-H Firmware; Lenovo ThinkAgile MX3330-H Hybrid Firmware
  • All of: Lenovo ThinkAgile MX Certified Node - All Flash Firmware; Lenovo ThinkAgile MX3331-F Firmware
  • All of: Lenovo ThinkAgile MX - Hybrid Firmware; Lenovo ThinkAgile MX3331-H Firmware
  • All of: Lenovo ThinkAgile MX Certified Node - All Flash Firmware; Lenovo ThinkAgile MX3530 F All Flash
  • All of: Lenovo ThinkAgile MX3530-H Firmware; Lenovo ThinkAgile MX3530-H Firmware
  • All of: Lenovo ThinkAgile MX - Hybrid Firmware; Lenovo ThinkAgile MX3531 H Hybrid Firmware
  • All of: Lenovo ThinkAgile MX Certified Node - All Flash Firmware; Lenovo ThinkAgile MX3531-F
  • All of: Lenovo ThinkAgile VX2330 Firmware; Lenovo ThinkAgile VX2330
  • All of: Lenovo ThinkAgile VX3330 Firmware; Lenovo ThinkAgile VX3330 Firmware
  • All of: Lenovo ThinkAgile VX3530-G Firmware; Lenovo ThinkAgile VX3530-G Firmware
  • All of: Lenovo ThinkAgile VX5530 Firmware; Lenovo ThinkAgile VX5530 Firmware
  • All of: Lenovo ThinkAgile VX7330 Firmware; Lenovo ThinkAgile VX7330 Firmware
  • All of: Lenovo ThinkAgile VX7530; Lenovo ThinkAgile VX7530
  • All of: Lenovo ThinkAgile VX7531 Firmware; Lenovo ThinkAgile VX7531 Firmware
  • All of: Lenovo ThinkSystem SD630 V2; Lenovo ThinkSystem SD630 V2 Firmware
  • All of: Lenovo ThinkSystem SD650-N V2 Firmware; Lenovo ThinkSystem SD650 V2 Firmware; Lenovo ThinkSystem SD650 V3 Firmware
  • All of: Lenovo ThinkSystem SD650-N V2 Firmware; Lenovo ThinkSystem SD650-N V2 Firmware; Lenovo ThinkSystem SD665 V3 Firmware
  • All of: Lenovo ThinkSystem SN550 V2 Firmware; Lenovo ThinkSystem SN550 V2 Firmware
  • All of: Lenovo ThinkSystem SR250 Firmware; Lenovo ThinkSystem SR250 V2 Firmware
  • All of: Lenovo ThinkSystem SR258 V2 Firmware; Lenovo ThinkSystem SR258 V2 Firmware
  • All of: Lenovo ThinkSystem SR630 V2; Lenovo ThinkSystem SR630 V2 Firmware; Lenovo ThinkSystem SR630 V3 Firmware; Lenovo ThinkSystem SR635 V3 Firmware
  • All of: Lenovo ThinkSystem SR645 Firmware; Lenovo ThinkSystem SR645 Firmware
  • All of: Lenovo ThinkSystem SR645 Firmware; Lenovo ThinkSystem SR645 V3 Firmware
  • All of: Lenovo ThinkSystem SR650 Firmware; Lenovo ThinkSystem SR650 V2 Firmware; Lenovo ThinkSystem SR650 Firmware; Lenovo ThinkSystem SR655 V3 Firmware
  • All of: Lenovo ThinkSystem SR665 Firmware; Lenovo ThinkSystem SR665; Lenovo ThinkSystem SD665 V3 Firmware
  • All of: Lenovo ThinkSystem SR670 V2; Lenovo ThinkSystem SR670 V2
  • All of: Lenovo ThinkSystem SR670 V2; Lenovo ThinkSystem SR670; Lenovo ThinkSystem SR675 V3 Firmware
  • All of: Lenovo ThinkSystem SR850 V2 Firmware; Lenovo ThinkSystem SR850 V2 Firmware; Lenovo ThinkSystem SR850 Firmware
  • All of: Lenovo ThinkSystem SR860 V2 Firmware; Lenovo ThinkSystem SR860 V2 Firmware; Lenovo ThinkSystem SR860 Firmware
  • All of: Lenovo ThinkSystem ST250 V2 Firmware; Lenovo ThinkSystem ST250 V2 Firmware
  • All of: Lenovo ThinkSystem ST258 Firmware; Lenovo ThinkSystem ST258 Firmware
  • All of: Lenovo ThinkSystem ST650 V2; Lenovo ThinkSystem ST650 V2 Firmware; Lenovo ThinkSystem ST650 V3 Firmware
  • All of: Lenovo ThinkSystem ST658 V2; Lenovo ThinkSystem ST658 V2 Firmware; Lenovo ThinkSystem ST658 V3 Firmware

Remedy

Upgrade to the firmware version (or newer) indicated for your model in the Lenovo advisory: https://support.lenovo.com/us/en/product_security/LEN-140960


Frequently Asked Questions

  • What is the severity of CVE-2023-4608?

    CVE-2023-4608 carries the severity score shown at the top of this page (7.2), indicating a significant risk; exploitation requires an authenticated user with elevated privileges.

  • How do I fix CVE-2023-4608?

    To fix CVE-2023-4608, update the affected ThinkSystem and ThinkAgile firmware to the version (or newer) that Lenovo lists for your model in advisory LEN-140960.

  • Which systems are affected by CVE-2023-4608?

    CVE-2023-4608 affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

  • What type of vulnerability is CVE-2023-4608?

    CVE-2023-4608 is an authenticated blind SQL injection vulnerability (CWE-89) in the XCC API, triggered through a crafted API command.

  • Who is impacted by CVE-2023-4608?

    Operators of affected Lenovo ThinkSystem v2/v3 and ThinkAgile servers are impacted; the flaw can be exploited only by already-authenticated XCC users with elevated privileges.

© 2025 SecAlerts Pty Ltd.