
cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor: Lenovo (c98ed681-bc65-5c44-8bbb-e0a228f96d0e)
Product: Thinksystem Sr665 Firmware (ac10e6af-50c1-5c3f-b905-fb51a9067b68)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-8281 vulnerable 2026-06-03 14:58:17.909472 Details available
HIGH (7.2)
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
Published: 2024-09-13T17:27:48.442Z
Updated: 2024-09-13T20:53:47.959Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8280 vulnerable 2026-06-03 14:58:17.884316 Details available
HIGH (7.2)
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
Published: 2024-09-13T17:27:39.022Z
Updated: 2024-09-13T21:01:59.322Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8279 vulnerable 2026-06-03 14:58:17.865096 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-09-13T17:27:30.967Z
Updated: 2024-09-13T21:02:15.683Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8278 vulnerable 2026-06-03 14:58:17.729325 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
Published: 2024-09-13T17:27:19.968Z
Updated: 2024-09-13T21:02:31.667Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45105 vulnerable 2026-06-03 14:56:48.367869 Details available
MEDIUM (6.7)
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
Published: 2024-09-13T17:29:08.267Z
Updated: 2024-09-16T17:38:38.871Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38512 vulnerable 2026-06-03 14:56:18.937545 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
Published: 2024-07-26T19:45:31.829Z
Updated: 2024-08-02T04:12:25.173Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38511 vulnerable 2026-06-03 14:56:18.932217 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-07-26T19:45:21.293Z
Updated: 2024-08-02T04:12:25.141Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38510 vulnerable 2026-06-03 14:56:18.925135 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-07-26T19:45:12.150Z
Updated: 2024-08-02T04:12:24.688Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38509 vulnerable 2026-06-03 14:56:18.920641 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
Published: 2024-07-26T19:45:01.471Z
Updated: 2024-08-02T04:12:24.979Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38508 vulnerable 2026-06-03 14:56:18.900703 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.
Published: 2024-07-26T19:44:50.100Z
Updated: 2024-08-02T04:12:25.569Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4608 vulnerable 2026-06-03 14:53:29.034885 Details available
MEDIUM (4.1)
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Published: 2023-10-24T20:25:49.416Z
Updated: 2024-09-11T20:38:29.704Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4607 vulnerable 2026-06-03 14:53:28.955242 Details available
HIGH (7.5)
An authenticated XCC user can change permissions for any user through a crafted API command.
Published: 2023-10-24T20:25:30.100Z
Updated: 2024-12-03T14:39:50.517Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4606 vulnerable 2026-06-03 14:53:28.937141 Details available
HIGH (8.1)
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Published: 2023-10-24T20:25:09.243Z
Updated: 2024-09-11T18:24:50.644Z
Imported from gcve-enriched-dumps CVE data
