Advanced Settings Utility
Monthly
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via. Rated low severity (CVSS 3.3). No vendor patch available.
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via. Rated low severity (CVSS 3.3). No vendor patch available.