Alexander Gutkin

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console all versions **Description** The issue is related to improper access control in the Intel(R) RAID Web Console, which may allow an authenticated user to potentially enable denial of service via adjacent access. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For all versions of Intel(R) RAID Web Console, consider restricting access to the web console to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of authenticated users to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console software all versions **Description** The issue is related to improper access control in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable denial of service via adjacent access. This could be exploited by a remote attacker to cause a denial of service. **Recommendations** As a temporary workaround, consider restricting access to the Intel(R) RAID Web Console software until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RAID Web Console versions all versions **Description** The issue is related to insufficient input validation in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable information disclosure via adjacent access. This could permit a remote attacker to disclose protected information. **Recommendations** For all versions of Intel(R) RAID Web Console software, patch the software immediately and monitor for signs of compromise. Limit network access if needed. As a temporary workaround, consider restricting access to sensitive data and functions within the web console until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenBMC Firmware versions prior to egs-1.14-0 OpenBMC Firmware versions prior to bhs-0.27 **Description** The issue is related to an uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms, which may allow an authenticated user to potentially enable denial of service via network access. **Recommendations** For OpenBMC Firmware versions prior to egs-1.14-0, update to version egs-1.14-0 or later. For OpenBMC Firmware versions prior to bhs-0.27, update to version bhs-0.27 or later.