Ami MegaRAC SP-X 13
Approved changes feed: RSS · Atom
cpe:2.3:o:ami:megarac_sp-x:13:-:*:*:*:*:*:*
part: o version: 13 update: -
| Vendor | Ami (0db97362-1418-5fb2-aa0a-1f52d459917d) |
|---|---|
| Product | Megarac Sp X (b6797ef6-a819-5a9b-84b5-03089b291e33) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-34473 |
vulnerable | 2026-06-08 06:06:25.662054 |
Usage of Hard-coded Credentials
MEDIUM (6.6)
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
Published: 2023-07-05T18:10:11.083Z
Updated: 2024-11-21T14:51:32.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34472 |
vulnerable | 2026-06-08 06:06:25.661530 |
Details available
MEDIUM (5.7)
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.
Published: 2023-07-05T18:08:16.990Z
Updated: 2024-10-28T17:43:14.920Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34471 |
vulnerable | 2026-06-08 06:06:25.660958 |
Missing Cryptographic Step
MEDIUM (6.3)
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.
Published: 2023-07-05T18:05:43.341Z
Updated: 2024-11-21T14:53:57.955Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34338 |
vulnerable | 2026-06-08 06:06:25.076718 |
hard coded cryptographic key
HIGH (7.1)
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
Published: 2023-07-05T18:02:37.919Z
Updated: 2024-11-21T14:56:24.585Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34337 |
vulnerable | 2026-06-08 06:06:25.076217 |
Inadequate Encryption Strength
HIGH (7.6)
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
Published: 2023-07-05T18:01:27.004Z
Updated: 2024-11-20T21:15:26.767Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34330 |
vulnerable | 2026-06-08 06:06:25.070260 |
Code injection via Dynamic Redfish Extension interface
HIGH (8.2)
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.
Published: 2023-07-18T17:12:09.153Z
Updated: 2025-02-13T16:55:29.135Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34329 |
vulnerable | 2026-06-08 06:06:25.068621 |
Authentication Bypass via HTTP Header Spoofing
CRITICAL (9.1)
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.
Published: 2023-07-18T17:11:10.532Z
Updated: 2025-02-13T16:55:28.629Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28863 |
vulnerable | 2026-06-08 06:02:36.560447 |
Details available
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
Published: 2023-04-18T00:00:00.000Z
Updated: 2024-08-02T13:51:38.551Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25192 |
vulnerable | 2026-06-08 05:56:08.659028 |
Details available
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
Published: 2023-02-15T00:00:00.000Z
Updated: 2025-03-19T15:38:11.906Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25191 |
vulnerable | 2026-06-08 05:56:08.658477 |
Details available
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
Published: 2023-02-15T00:00:00.000Z
Updated: 2025-03-19T15:39:07.444Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26872 |
vulnerable | 2026-06-08 05:41:54.385970 |
Password reset interception via API
HIGH (8.3)
AMI Megarac Password reset interception via API
Published: 2023-01-30T15:55:38.826Z
Updated: 2025-02-13T16:32:31.221Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.