VYPR
High severity8.1NVD Advisory· Published Oct 25, 2023· Updated Jun 17, 2026

CVE-2023-4606

CVE-2023-4606

Description

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.

This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2023-4606 · High · VYPR