GHSA-fm9p-5c8h-mw8h
GitHub Security Advisory
⚠ Unreviewed
HIGH
Has CVE
Advisory Details
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: September 14, 2025 6:31 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.