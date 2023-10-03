PLATFORM CAPABILITIES RESEARCH COMPANY FwHunt

[BRLY-2023-010] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the servh_storage_create and servh_storage_add webpages using the hash property of the URL

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in servh_storage_create and servh_storage_add webpages that uses hash property of the URL, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. This attack works on IE11 and Microsoft Edge in Internet Explorer mode.

[BRLY-2023-001] Command injection vulnerability in Supermicro BMC IPMI firmware

BINARLY efiXplorer team

BINARLY team has discovered a command injection vulnerability in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to execute arbitrary code.

[BRLY-2023-009] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ssl_fw_reset webpage using port GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ssl_fw_reset webpage that uses port GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-007] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ip_ctrl_change webpage using index GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ip_ctrl_change webpage that uses index GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-008] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the modify_nm_policy webpage using pdomain GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the modify_nm_policy webpage that uses pdomain GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-012] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages using lang local storage item

BINARLY efiXplorer team

BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages that uses lang local storage item, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-011] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in multiple webpages using language cookie value

BINARLY efiXplorer team

BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in multiple webpages that uses language cookie value, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

