PT-2023-5854 · Supermicro · Supermicro X11SAE-F

Published: 2023-08-17 · Updated: 2025-06-18 · CVE-2023-40287

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Supermicro X11SSM-F version 1.66; Supermicro X11SAE-F version 1.66; Supermicro X11SSE-F version 1.66

Description: An issue was discovered in the web interface of Supermicro X11 series devices, specifically the X11SSM-F, X11SAE-F, and X11SSE-F, due to inadequate protection of the web page structure. This issue could allow a remote attacker to conduct a cross-site scripting (XSS) attack using a specially crafted GET request.

Recommendations: For Supermicro X11SSM-F version 1.66, consider disabling access to the web interface until a patch is available. For Supermicro X11SAE-F version 1.66, restrict access to the BMC/IPMI server to minimize the risk of exploitation. For Supermicro X11SSE-F version 1.66, avoid using the web interface for sensitive operations until the issue is resolved. As a temporary workaround, consider additional security measures, such as input validation and output encoding, to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-06541
CVE-2023-40287

Affected Products

Supermicro X11SAE-F
Supermicro X11SSE-F