Skip to main content

Ix4 300D Firmware

5 CVEs product

Monthly

CVE-2018-9082 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware +18
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9081 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-9080 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-9079 CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-9078 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.0%
EPSS 1% CVSS 8.8
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure +20
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 8.8
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy