All the vulnerabilites related to Lenovo - Service Bridge
var-201706-0113
Vulnerability from variot
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Lenovo Service Bridge Contains an information disclosure vulnerability.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0113", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "service bridge", "scope": "eq", "trust": 1.6, "vendor": "lenovo", "version": null }, { "model": "service bridge", "scope": "lt", "trust": 0.8, "vendor": "lenovo", "version": "4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8230" } ] }, "cve": "CVE-2016-8230", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-8230", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-97050", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-8230", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8230", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-091", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97050", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97050" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers. Lenovo Service Bridge Contains an information disclosure vulnerability.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "VULHUB", "id": "VHN-97050" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8230", "trust": 2.5 }, { "db": "LENOVO", "id": "LEN-10149", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2016-008621", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-091", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-97050", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97050" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "id": "VAR-201706-0113", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97050" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:37:22.108000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-10149", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/product_security/len-10149" }, { "title": "Lenovo Service Bridge Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70752" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97050" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.lenovo.com/us/en/product_security/len-10149" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8230" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8230" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97050" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97050" }, { "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "db": "NVD", "id": "CVE-2016-8230" }, { "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-04T00:00:00", "db": "VULHUB", "id": "VHN-97050" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "date": "2017-06-04T21:29:00.277000", "db": "NVD", "id": "CVE-2016-8230" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-09T00:00:00", "db": "VULHUB", "id": "VHN-97050" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008621" }, { "date": "2017-06-09T13:38:48.837000", "db": "NVD", "id": "CVE-2016-8230" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-091" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-091" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo Service Bridge Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008621" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-091" } ], "trust": 0.6 } }
var-201706-0111
Vulnerability from variot
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0111", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "service bridge", "scope": "eq", "trust": 1.6, "vendor": "lenovo", "version": null }, { "model": "service bridge", "scope": "lt", "trust": 0.8, "vendor": "lenovo", "version": "4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8228" } ] }, "cve": "CVE-2016-8228", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2016-8228", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-97048", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-8228", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8228", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-093", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97048", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97048" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4", "sources": [ { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "VULHUB", "id": "VHN-97048" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8228", "trust": 2.5 }, { "db": "LENOVO", "id": "LEN-10149", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2016-008619", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-093", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-97048", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97048" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "id": "VAR-201706-0111", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97048" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:37:22.057000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-10149", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/product_security/len-10149" }, { "title": "Lenovo Service Bridge Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70754" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97048" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.lenovo.com/us/en/product_security/len-10149" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8228" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8228" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97048" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97048" }, { "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "db": "NVD", "id": "CVE-2016-8228" }, { "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-04T00:00:00", "db": "VULHUB", "id": "VHN-97048" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "date": "2017-06-04T21:29:00.187000", "db": "NVD", "id": "CVE-2016-8228" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-09T00:00:00", "db": "VULHUB", "id": "VHN-97048" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008619" }, { "date": "2017-06-09T13:39:53.447000", "db": "NVD", "id": "CVE-2016-8228" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-093" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-093" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo Service Bridge Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008619" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-093" } ], "trust": 0.6 } }
var-201706-0112
Vulnerability from variot
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0112", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "service bridge", "scope": "eq", "trust": 1.6, "vendor": "lenovo", "version": null }, { "model": "service bridge", "scope": "lt", "trust": 0.8, "vendor": "lenovo", "version": "4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8229" } ] }, "cve": "CVE-2016-8229", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-8229", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-97049", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-8229", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8229", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-092", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97049", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-8229", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97049" }, { "db": "VULMON", "id": "CVE-2016-8229" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A remote attacker could exploit this vulnerability to perform unauthorized operations", "sources": [ { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "VULHUB", "id": "VHN-97049" }, { "db": "VULMON", "id": "CVE-2016-8229" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8229", "trust": 2.6 }, { "db": "LENOVO", "id": "LEN-10149", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-008620", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-092", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-97049", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-8229", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97049" }, { "db": "VULMON", "id": "CVE-2016-8229" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "id": "VAR-201706-0112", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97049" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:37:22.135000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-10149", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/product_security/len-10149" }, { "title": "Lenovo Service Bridge Fixes for cross-site request forgery vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70753" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97049" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.lenovo.com/us/en/product_security/len-10149" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8229" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8229" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/352.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97049" }, { "db": "VULMON", "id": "CVE-2016-8229" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97049" }, { "db": "VULMON", "id": "CVE-2016-8229" }, { "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "db": "NVD", "id": "CVE-2016-8229" }, { "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-04T00:00:00", "db": "VULHUB", "id": "VHN-97049" }, { "date": "2017-06-04T00:00:00", "db": "VULMON", "id": "CVE-2016-8229" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "date": "2017-06-04T21:29:00.247000", "db": "NVD", "id": "CVE-2016-8229" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-09T00:00:00", "db": "VULHUB", "id": "VHN-97049" }, { "date": "2017-06-09T00:00:00", "db": "VULMON", "id": "CVE-2016-8229" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008620" }, { "date": "2017-06-09T13:39:00.430000", "db": "NVD", "id": "CVE-2016-8229" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-092" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-092" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo Service Bridge Vulnerable to cross-site request forgery", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008620" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-092" } ], "trust": 0.6 } }
var-201706-0114
Vulnerability from variot
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. Lenovo Service Bridge Contains a certificate validation vulnerability.Information may be tampered with. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0114", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "service bridge", "scope": "eq", "trust": 1.6, "vendor": "lenovo", "version": null }, { "model": "service bridge", "scope": "lt", "trust": 0.8, "vendor": "lenovo", "version": "4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8231" } ] }, "cve": "CVE-2016-8231", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8231", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-97051", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8231", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8231", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-090", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97051", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97051" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. Lenovo Service Bridge Contains a certificate validation vulnerability.Information may be tampered with. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device", "sources": [ { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "VULHUB", "id": "VHN-97051" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8231", "trust": 2.5 }, { "db": "LENOVO", "id": "LEN-10149", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2016-008622", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-090", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-97051", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97051" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "id": "VAR-201706-0114", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97051" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:37:22.084000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-10149", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/product_security/len-10149" }, { "title": "Lenovo Service Bridge Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70751" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97051" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.lenovo.com/us/en/product_security/len-10149" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8231" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8231" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97051" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97051" }, { "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "db": "NVD", "id": "CVE-2016-8231" }, { "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-04T00:00:00", "db": "VULHUB", "id": "VHN-97051" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "date": "2017-06-04T21:29:00.327000", "db": "NVD", "id": "CVE-2016-8231" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-09T00:00:00", "db": "VULHUB", "id": "VHN-97051" }, { "date": "2017-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008622" }, { "date": "2017-06-09T13:39:14.057000", "db": "NVD", "id": "CVE-2016-8231" }, { "date": "2017-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-090" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-090" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo Service Bridge Vulnerabilities related to certificate validation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008622" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-090" } ], "trust": 0.6 } }
cve-2019-6168
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6168", "datePublished": "2019-06-26T14:12:34.822409Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T23:41:33.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4696
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: 0 < 5.0.2.17 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:lenovo:service_bridge:5.0.2.17:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "service_bridge", "vendor": "lenovo", "versions": [ { "lessThan": "5.0.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4696", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T15:39:25.962300Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T15:40:41.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:47:41.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-163429" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "5.0.2.17", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.\u202f\u0026nbsp;\u003cbr\u003e\u003c/p\u003e" } ], "value": "A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T20:01:18.145Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-163429" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e" } ], "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically." } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2024-4696", "datePublished": "2024-06-13T20:01:18.145Z", "dateReserved": "2024-05-09T16:18:19.615Z", "dateUpdated": "2024-08-01T20:47:41.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6166
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "cross-site request forgery", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "cross-site request forgery" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6166", "datePublished": "2019-06-26T14:12:34.747569Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T17:14:55.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6167
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6167", "datePublished": "2019-06-26T14:12:34.783642Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T17:02:52.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6169
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "unencrypted downloads over FTP", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unencrypted downloads over FTP" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6169", "datePublished": "2019-06-26T14:12:34.865362Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T20:32:51.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }