Search criteria
2 vulnerabilities found for px12-450r by lenovo
VAR-201809-1099
Vulnerability from variot - Updated: 2023-12-18 12:01For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. Iomega , Lenovo , LenovoEMC NAS The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). A cross-site scripting vulnerability exists in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier. A remote attacker could exploit this vulnerability to elevate privileges by adding a file. The following products and versions are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl , EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storcenter ix4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \\\u0026 backup center",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-400r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px6-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-450r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix2",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px2-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "lenovoemc",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"cve": "CVE-2018-9081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-9081",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-139113",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-9081",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9081",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1180",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-139113",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. Iomega , Lenovo , LenovoEMC NAS The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). A cross-site scripting vulnerability exists in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier. A remote attacker could exploit this vulnerability to elevate privileges by adding a file. The following products and versions are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl , EZ Media \u0026 Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media \u0026 Backup Center",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "VULHUB",
"id": "VHN-139113"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9081",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-24224",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"id": "VAR-201809-1099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:17.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-24224",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-24224"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85214"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9081"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9081"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-139113"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"date": "2018-09-28T20:29:01.423000",
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-139113"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"date": "2018-11-16T20:51:34.310000",
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo Product site cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
],
"trust": 0.6
}
}
VAR-201809-1096
Vulnerability from variot - Updated: 2023-12-18 12:01For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. Iomega , Lenovo , LenovoEMC NAS The device contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker could exploit this vulnerability to elevate privileges by uploading an SVG image with arbitrary JavaScript code. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storcenter ix4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \\\u0026 backup center",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-400r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px6-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-450r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix2",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px2-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \u0026 backup center",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix4-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-400r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"cve": "CVE-2018-9078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-9078",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-139110",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9078",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1177",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139110",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device\u0027s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. Iomega , Lenovo , LenovoEMC NAS The device contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker could exploit this vulnerability to elevate privileges by uploading an SVG image with arbitrary JavaScript code. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media \u0026 Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media \u0026 Backup Center ",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "VULHUB",
"id": "VHN-139110"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9078",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-24224",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139110",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"id": "VAR-201809-1096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:16.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-24224",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85211"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9078"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9078"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-139110"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"date": "2018-09-28T20:29:01.097000",
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139110"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo Vulnerabilities related to security functions in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
],
"trust": 0.6
}
}