Smart Connect
Monthly
Lenovo Smart Connect for Windows exposes an improper access control flaw that permits a local authenticated user to read files belonging to other users on the same machine. Discovered through Lenovo's own internal security assessment and documented under advisory LEN-218281, the flaw carries a CVSS 4.0 score of 6.8 with a local, low-privilege attack vector and high confidentiality impact. No public exploit code and no CISA KEV listing exist at time of analysis, limiting immediate risk to multi-user Windows environments where Lenovo Smart Connect is installed.
Lenovo Smart Connect for Windows exposes an improper access control flaw that permits a local authenticated user to read files belonging to other users on the same machine. Discovered through Lenovo's own internal security assessment and documented under advisory LEN-218281, the flaw carries a CVSS 4.0 score of 6.8 with a local, low-privilege attack vector and high confidentiality impact. No public exploit code and no CISA KEV listing exist at time of analysis, limiting immediate risk to multi-user Windows environments where Lenovo Smart Connect is installed.