Product:

Megarac_sp\-X

(Ami)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 30
Date Id Summary Products Score Patch Annotated
2025-03-11 CVE-2024-54085 AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. Megarac_sp\-X, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Sg1100_firmware, Sg110_firmware, Sg6160_firmware, Sgf6112_firmware 9.8
2023-02-15 CVE-2023-25191 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. Megarac_sp\-X 7.5
2023-02-15 CVE-2023-25192 AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. Megarac_sp\-X 5.3
2023-07-18 CVE-2023-34329 AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. Megarac_sp\-X 8.0
2023-07-18 CVE-2023-34330 AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. Megarac_sp\-X 8.8
2022-12-05 CVE-2022-2827 AMI MegaRAC User Enumeration Vulnerability Megarac_sp\-X 7.5
2022-12-05 CVE-2022-40242 MegaRAC Default Credentials Vulnerability Megarac_sp\-X 9.8
2022-12-05 CVE-2022-40259 MegaRAC Default Credentials Vulnerability Megarac_sp\-X 9.8
2023-01-30 CVE-2022-26872 AMI Megarac Password reset interception via API Megarac_sp\-X 8.8
2023-04-18 CVE-2023-28863 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Megarac_sp\-X 9.1