
cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor: Lenovo (c98ed681-bc65-5c44-8bbb-e0a228f96d0e)
Product: Thinkagile Hx3376 Firmware (f1be6e3e-b17f-59be-817a-625c1a07cd2e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-8281 vulnerable 2026-06-03 14:58:17.909601 Details available
HIGH (7.2)
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
Published: 2024-09-13T17:27:48.442Z
Updated: 2024-09-13T20:53:47.959Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8280 vulnerable 2026-06-03 14:58:17.884515 Details available
HIGH (7.2)
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
Published: 2024-09-13T17:27:39.022Z
Updated: 2024-09-13T21:01:59.322Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8279 vulnerable 2026-06-03 14:58:17.865294 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-09-13T17:27:30.967Z
Updated: 2024-09-13T21:02:15.683Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8278 vulnerable 2026-06-03 14:58:17.730371 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
Published: 2024-09-13T17:27:19.968Z
Updated: 2024-09-13T21:02:31.667Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-45105 vulnerable 2026-06-03 14:56:48.368916 Details available
MEDIUM (6.7)
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
Published: 2024-09-13T17:29:08.267Z
Updated: 2024-09-16T17:38:38.871Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38512 vulnerable 2026-06-03 14:56:18.935637 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
Published: 2024-07-26T19:45:31.829Z
Updated: 2024-08-02T04:12:25.173Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38511 vulnerable 2026-06-03 14:56:18.929872 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-07-26T19:45:21.293Z
Updated: 2024-08-02T04:12:25.141Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38510 vulnerable 2026-06-03 14:56:18.923157 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
Published: 2024-07-26T19:45:12.150Z
Updated: 2024-08-02T04:12:24.688Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38509 vulnerable 2026-06-03 14:56:18.918595 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
Published: 2024-07-26T19:45:01.471Z
Updated: 2024-08-02T04:12:24.979Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-38508 vulnerable 2026-06-03 14:56:18.851958 Details available
HIGH (7.2)
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.
Published: 2024-07-26T19:44:50.100Z
Updated: 2024-08-02T04:12:25.569Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4608 vulnerable 2026-06-03 14:53:29.033672 Details available
MEDIUM (4.1)
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Published: 2023-10-24T20:25:49.416Z
Updated: 2024-09-11T20:38:29.704Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4607 vulnerable 2026-06-03 14:53:28.953987 Details available
HIGH (7.5)
An authenticated XCC user can change permissions for any user through a crafted API command.
Published: 2023-10-24T20:25:30.100Z
Updated: 2024-12-03T14:39:50.517Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4606 vulnerable 2026-06-03 14:53:28.901360 Details available
HIGH (8.1)
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Published: 2023-10-24T20:25:09.243Z
Updated: 2024-09-11T18:24:50.644Z
Imported from gcve-enriched-dumps CVE data
