Supermicro

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40290 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 18, 2025 Mar 27, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.
CVE-2023-40289 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 18, 2025 Mar 27, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
CVE-2023-40288 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 18, 2025 Mar 27, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-40287 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 18, 2025 Mar 27, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-40286 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 18, 2025 Mar 27, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-40285 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 17, 2025 Mar 27, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-40284 1Supermicro 3X11sae F Firmware X11sse F FirmwareX11ssm F Firmware Jun 17, 2025 Mar 27, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2023-33413 1Supermicro 356B12dpe 6 Firmware B12dpt 6 FirmwareB12spe Cpu 25g Firmware+353 more Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02...Show more The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.Show less
CVE-2023-33412 1Supermicro 356B12dpe 6 Firmware B12dpt 6 FirmwareB12spe Cpu 25g Firmware+353 more Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote...Show more The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.Show less
CVE-2023-33411 1Supermicro 356B12dpe 6 Firmware B12dpt 6 FirmwareB12spe Cpu 25g Firmware+353 more Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unaut...Show more A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.Show less
CVE-2023-34853 1Supermicro 271H11dsi Nt Firmware H11dsi FirmwareH11dst B Firmware+268 more Nov 21, 2024 Aug 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.
CVE-2023-35861 1Supermicro 165H12dgo 6 Firmware H12dgq Nt6 FirmwareH12dsg O Cpu Firmware+162 more Nov 21, 2024 Jul 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.
CVE-2022-43309 1Supermicro 146H11dsi Nt Firmware H11dsi FirmwareH11dst B Firmware+143 more Feb 11, 2025 Apr 7, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
CVE-2021-22887 2Pulsesecure Supermicro 11Psa 5000 Firmware Psa 7000 FirmwareX10sl7 F Firmware+8 more Nov 21, 2024 Mar 16, 2021 N/A· v4 2.3 LOW· v3 2.1 LOW· v2 A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Befor...Show more A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.Show less
CVE-2020-15046 1Supermicro 2X10drh It Bios X10drh It Firmware Nov 21, 2024 Jun 24, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 an...Show more The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.Show less
CVE-2013-6785 1Supermicro 1Intelligent Platform Management Interface Nov 21, 2024 Jan 23, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
CVE-2013-3620 2Citrix Supermicro 5Netscaler Firmware Netscaler Sd Wan FirmwareNetscaler Sdx Firmware+2 more Nov 21, 2024 Jan 2, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards befo...Show more Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.Show less
CVE-2013-3619 2Citrix Supermicro 5Netscaler Firmware Netscaler Sd Wan FirmwareNetscaler Sdx Firmware+2 more Nov 21, 2024 Jan 2, 2020 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private...Show more Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.Show less
CVE-2019-19642 1Supermicro 2X8sti F Bios X8sti F Firmware Nov 21, 2024 Dec 8, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires...Show more On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor.Show less
CVE-2019-16650 1Supermicro 254A1sa2 2750f Firmware A1sai 2550f FirmwareA1sai 2750f Firmware+251 more Nov 21, 2024 Sep 21, 2019 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply conn...Show more On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.Show less

12 Next