Skip to main content

Lenovo

304 CVEs vendor

Monthly

CVE-2020-8316 MEDIUM This Month

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Vantage
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-6192 MEDIUM POC This Month

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Lenovo Power Management Driver
NVD Exploit-DB
CVSS 3.1
4.4
EPSS
1.7%
CVE-2019-6183 HIGH This Week

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Microsoft Energy Management
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-6189 HIGH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6187 MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-6186 HIGH PATCH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Lenovo Information Disclosure System Interface Foundation
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-6188 CRITICAL Act Now

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +389
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-6172 MEDIUM This Month

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

Lenovo RCE 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +389
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2019-6170 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

Lenovo RCE 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +389
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2019-6175 HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6182 MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2019-6181 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6180 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-6179 HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft VMware XXE +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-6177 CRITICAL Act Now

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Information Disclosure Solution Center
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-6165 HIGH This Week

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft Yoga 700 11Isk Firmware Yoga 700 14Isk Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6169 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Service Bridge
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-6168 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-6167 CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-6166 HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo CSRF Service Bridge
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-6163 HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-6158 MEDIUM This Month

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-6157 HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware Flex System X240 M5 Firmware Flex System X280 X6 Firmware +34
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6156 LOW PATCH Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Lenovo Information Disclosure 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +174
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2019-6154 HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Lenovo Information Disclosure Bootable Usb
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-6149 MEDIUM This Month

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Dynamic Power Reduction
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2018-9086 HIGH PATCH This Week

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Lenovo RCE Command Injection Thinkserver Rd340 Firmware Thinkserver Rd440 Firmware +2
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-9085 MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation IBM Flex System X240 M4 Firmware +25
NVD
CVSS 3.0
4.9
EPSS
0.7%
CVE-2018-9073 MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Chassis Management Module Firmware
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2018-9071 MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Chassis Management Module Firmware
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-9069 MEDIUM This Month

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Lenovo 310S 14Isk Firmware 320 15Ikbra Firmware +66
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2018-9082 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware +18
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9081 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-9080 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-9079 CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-9078 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-9077 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9076 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9075 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-9074 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal Lenovoemc Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-9066 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Code Injection Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-9065 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-9064 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-9068 HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM Flex System X240 M4 Firmware Flex System X240 M5 Firmware +35
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-9062 MEDIUM PATCH This Month

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Lenovo RCE E42 80 Firmware E42 80 Isk Firmware E52 80 Firmware +36
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2018-14066 CRITICAL POC Act Now

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lenovo Google Android
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2018-9070 MEDIUM This Month

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Lenovo Smart Assistant
NVD
CVSS 3.0
6.4
EPSS
0.3%
CVE-2018-9067 HIGH This Week

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo Lenovo Help
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-9063 HIGH This Week

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo RCE Buffer Overflow System Update
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-3764 MEDIUM PATCH This Month

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2015-7269 MEDIUM This Month

Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED). Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo St500Lt015 Firmware
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7268 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung Dell Authentication Bypass +4
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7267 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung Lenovo 850 Pro Firmware +3
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-3767 HIGH This Week

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Audio Driver Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3771 HIGH This Week

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Thinkcentre M710S Firmware Thinkcentre M710T Firmware Aio E95 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-3761 CRITICAL PATCH Act Now

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Google Command Injection Lenovo Service Framework
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2017-3760 HIGH PATCH This Week

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-3759 HIGH PATCH This Week

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-3758 CRITICAL PATCH Act Now

Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Google Lenovo Service Framework
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2015-6971 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-3321 MEDIUM This Month

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Fingerprint Manager
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-3757 HIGH PATCH This Week

An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Elan Touchpad Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3756 HIGH This Week

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Thinkpad 10 Ella 2 Bios Thinkpad 11E Beema Bios Thinkpad 11E Braswell Bios +145
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3753 MEDIUM This Month

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Lenovo Ideacentre 300 20Ish Firmware Ideacentre 300S 11Ish Firmware +109
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-3752 HIGH This Week

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo 1G L2 7 Slb Layer 2 3 Copper Firmware Virtual Fabric 10Gb +15
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-3754 MEDIUM This Month

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Bios
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-3742 MEDIUM This Month

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for. Rated medium severity (CVSS 4.8). No vendor patch available.

Google Microsoft Lenovo Information Disclosure Connect2
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-3750 MEDIUM This Month

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo Android
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-3749 MEDIUM This Month

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo Android
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-3748 HIGH This Week

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3747 MEDIUM This Month

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Lenovo Nerve Center
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-3745 HIGH PATCH This Week

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lenovo Xclarity Administrator
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3744 MEDIUM This Month

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Integrated Management Module Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3743 HIGH PATCH This Week

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Advanced Settings Utility Toolscenter Dynamic System Analysis Updatexpress System Pack Installer
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-4596 HIGH This Week

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Mouse Suite
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3741 LOW Monitor

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Power Management
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2017-3740 MEDIUM This Month

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Active Protection System
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8231 HIGH This Week

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-8230 HIGH This Week

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lenovo Service Bridge
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8229 HIGH This Week

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8228 HIGH This Week

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Lenovo Service Bridge
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1876 HIGH This Week

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7293 HIGH POC This Week

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Privilege Escalation Lenovo Dolby Audio X2 Dolby Audio X3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.1%
CVE-2015-8110 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8109 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Lenovo Lenovo System Update
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-8237 HIGH This Week

Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Privilege Escalation Lenovo Updates
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2016-8235 HIGH This Week

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Customer Care Software Development Kit
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8236 HIGH PATCH This Week

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lenovo Thinkserver Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-8233 CRITICAL PATCH Act Now

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lenovo Xclarity Administrator
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-8232 MEDIUM This Month

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Lenovo Advanced Management Module Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Vantage
NVD
EPSS 2% CVSS 4.4
MEDIUM POC This Month

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Lenovo +1
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH This Week

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure System Interface Foundation
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Lenovo Information Disclosure System Interface Foundation
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo 510 15Ikl Firmware +391
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

Lenovo RCE 510 15Ikl Firmware +391
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

Lenovo RCE 510 15Ikl Firmware +391
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Service Bridge
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Service Bridge
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo CSRF Service Bridge
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware +36
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Lenovo Information Disclosure 510 15Ikl Firmware +176
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Lenovo Information Disclosure Bootable Usb
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Dynamic Power Reduction
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Lenovo RCE Command Injection +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Intel Privilege Escalation +27
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Chassis Management Module Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Chassis Management Module Firmware
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Lenovo +68
NVD
EPSS 1% CVSS 8.8
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure +20
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD
EPSS 1% CVSS 8.8
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware +19
NVD
EPSS 2% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 2% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 4% CVSS 8.1
HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Code Injection Xclarity Administrator
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM +37
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Lenovo RCE E42 80 Firmware +38
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lenovo Google +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Lenovo +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Xclarity Administrator
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED). Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo St500Lt015 Firmware
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung +6
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Audio Driver Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Thinkcentre M710S Firmware +2
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Google Command Injection +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Google Lenovo +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Google Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Fingerprint Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Elan Touchpad Driver
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Thinkpad 10 Ella 2 Bios +147
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Lenovo +111
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo 1G L2 7 Slb +17
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Bios
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for. Rated medium severity (CVSS 4.8). No vendor patch available.

Google Microsoft Lenovo +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lenovo Xclarity Administrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Integrated Management Module Firmware
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Advanced Settings Utility +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Power Management
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Active Protection System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lenovo Service Bridge
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lenovo Service Bridge
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lenovo Lenovo Service Bridge
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Lenovo Service Bridge
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Privilege Escalation Lenovo +2
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Lenovo System Update
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Lenovo Lenovo System Update
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Customer Care Software Development Kit
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Lenovo Thinkserver Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lenovo Xclarity Administrator
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Lenovo +1
NVD
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy