Search criteria
12 vulnerabilities found for lenovo_service_bridge by lenovo
FKIE_CVE-2016-8228
Vulnerability from fkie_nvd - Published: 2017-06-04 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | lenovo_service_bridge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C990A-7C32-4BE0-89ED-298FF700EC41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
},
{
"lang": "es",
"value": "En Lenovo Service Bridge anterior a versi\u00f3n 4, un usuario con privilegios locales en un sistema pod\u00eda ejecutar c\u00f3digo con privilegios administrativos."
}
],
"id": "CVE-2016-8228",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-04T21:29:00.187",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8231
Vulnerability from fkie_nvd - Published: 2017-06-04 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | lenovo_service_bridge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C990A-7C32-4BE0-89ED-298FF700EC41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
},
{
"lang": "es",
"value": "En Lenovo Service Bridge anterior a versi\u00f3n 4, podr\u00eda ser explotado por un atacante un bug detectado en la l\u00f3gica de comprobaci\u00f3n de firmas del certificado de firma de c\u00f3digo para insertar un certificado de firma de c\u00f3digo falsificado."
}
],
"id": "CVE-2016-8231",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-04T21:29:00.327",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8229
Vulnerability from fkie_nvd - Published: 2017-06-04 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | lenovo_service_bridge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C990A-7C32-4BE0-89ED-298FF700EC41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site request forgery en Lenovo Service Bridge anterior a versi\u00f3n 4, podr\u00eda ser explotada por un atacante con acceso al servidor DHCP utilizado por el sistema donde est\u00e1 instalado LSB."
}
],
"id": "CVE-2016-8229",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-04T21:29:00.247",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8230
Vulnerability from fkie_nvd - Published: 2017-06-04 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | lenovo_service_bridge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C990A-7C32-4BE0-89ED-298FF700EC41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
},
{
"lang": "es",
"value": "En Lenovo Service Bridge anterior a versi\u00f3n 4, una conexi\u00f3n HTTP no segura es utilizada por LSB para enviar el n\u00famero del serial del sistema, el tipo y el modelo de la m\u00e1quina y el nombre del producto hacia los servidores de Lenovo."
}
],
"id": "CVE-2016-8230",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-04T21:29:00.277",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-8228 (GCVE-0-2016-8228)
Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8228",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8230 (GCVE-0-2016-8230)
Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
Severity ?
No CVSS data available.
CWE
- Insecure HTTP connection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure HTTP connection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure HTTP connection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8230",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8231 (GCVE-0-2016-8231)
Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
Severity ?
No CVSS data available.
CWE
- Insecure code signing certificate validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure code signing certificate validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure code signing certificate validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8231",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8229 (GCVE-0-2016-8229)
Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8229",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8228 (GCVE-0-2016-8228)
Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8228",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8230 (GCVE-0-2016-8230)
Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
Severity ?
No CVSS data available.
CWE
- Insecure HTTP connection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure HTTP connection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure HTTP connection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8230",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8231 (GCVE-0-2016-8231)
Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
Severity ?
No CVSS data available.
CWE
- Insecure code signing certificate validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure code signing certificate validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure code signing certificate validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8231",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8229 (GCVE-0-2016-8229)
Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Service Bridge |
Affected:
Earlier than version 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than version 4"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T23:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_value": "Earlier than version 4"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2016-8229",
"datePublished": "2017-06-03T00:00:00",
"dateReserved": "2016-09-16T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}