CVE-2023-40284

Name of the Vulnerable Software and Affected Versions Supermicro X11 series versions 1.66

Description The issue exists due to a lack of protection for the web page structure in the web interface of Supermicro BMC IPMI servers. This could allow a remote attacker to conduct a cross-site scripting (XSS) attack using a specially crafted GET request. An attacker could exploit this issue, potentially leading to malicious code execution.

Recommendations For Supermicro X11 series version 1.66, consider disabling the web interface until a patch is available to prevent potential XSS attacks. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.