CVE-2023-4608 MEDIUM

CVE-2023-4608

Vendor Lenovo

Product Lenovo XClarity Controller (XCC)

Weakness CWE-89 · SQLi

Published October 24, 2023

Last update September 11, 2024

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Key dates

02Disclosure timeline

October 24, 2023 CVE published

September 11, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4608

Related vulnerabilities

04Related CVE

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution CVE-2025-8188 Campcodes Courier Management System edit_staff.php sql injection CVE-2023-1964 PHPGurukul Bank Locker Management System Password Reset recovery.php sql injection CVE-2025-3018 SourceCodester Online Eyewear Shop Users.php sql injection CVE-2019-7001 Avaya IPOCC WebUI SQL Injection