PT-2019-17994 · Lenovo · ThinkAgile CP-SB

Published: 2019-09-26 · Updated: 2019-10-01 · CVE-2019-6161

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ThinkAgile CP-SB (Storage Block) BMC versions prior to 1908.M

Description

An internal product security audit discovered a session handling issue in the web interface of the affected product. This issue allows session IDs to be reused, potentially providing unauthorized access to the BMC under certain circumstances.

Recommendations

For versions prior to 1908.M, update the firmware to version 1908.M or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2019-6161

Affected Products

ThinkAgile CP-SB