Megarac Spx CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-40258	1 Ami	2 Megarac Spx-12, Megarac Spx-13	2025-03-27	5.3 Medium
AMI Megarac Weak password hashes for Redfish & API
CVE-2022-26872	2 Ami, Netapp	3 Megarac Sp-x, Megarac Spx, Hci Baseboard Management Controller	2025-02-13	8.3 High
AMI Megarac Password reset interception via API
CVE-2023-34335	1 Ami	1 Megarac Spx	2025-01-03	7.7 High
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.

Page 1 of 1.