Vulnerabilites related to lenovo - thinkcentre
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | service_bridge | * | |
lenovo | ideacentre | - | |
lenovo | ideapad | - | |
lenovo | tablet | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - | |
lenovo | yoga | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D", "versionEndExcluding": "4.1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*", "matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." }, { "lang": "es", "value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir Cross-Site Request Forgery (CSRF)." } ], "id": "CVE-2019-6166", "lastModified": "2024-11-21T04:46:03.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@lenovo.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-26T14:15:10.153", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | service_bridge | * | |
lenovo | ideacentre | - | |
lenovo | ideapad | - | |
lenovo | tablet | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - | |
lenovo | yoga | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D", "versionEndExcluding": "4.1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*", "matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." }, { "lang": "es", "value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo." } ], "id": "CVE-2019-6168", "lastModified": "2024-11-21T04:46:04.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-26T14:15:10.277", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | service_bridge | * | |
lenovo | ideacentre | - | |
lenovo | ideapad | - | |
lenovo | tablet | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - | |
lenovo | yoga | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D", "versionEndExcluding": "4.1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*", "matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." }, { "lang": "es", "value": "Una vulnerabilidad comunicada en Lenovo Service Bridge antes de la versi\u00f3n 4.1.0.1 podr\u00eda permitir descargas sin cifrar a trav\u00e9s de FTP." } ], "id": "CVE-2019-6169", "lastModified": "2024-11-21T04:46:04.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-26T14:15:10.357", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | service_bridge | * | |
lenovo | ideacentre | - | |
lenovo | ideapad | - | |
lenovo | tablet | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - | |
lenovo | yoga | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D", "versionEndExcluding": "4.1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*", "matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." }, { "lang": "es", "value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo." } ], "id": "CVE-2019-6167", "lastModified": "2024-11-21T04:46:03.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-26T14:15:10.213", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-10 17:29
Modified
2024-11-21 04:46
Severity ?
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | bootable_usb | * | |
lenovo | ideacentre | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:bootable_usb:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4373A561-D116-4844-8F09-BEB7923ED0DB", "versionEndExcluding": "mar-2019", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system." }, { "lang": "es", "value": "Se inform\u00f3 de una vulnerabilidad en la ruta de b\u00fasqueda de DLL en Lenovo Bootable Generator, anterior a la versi\u00f3n Mar-2019, que podr\u00eda permitir a un usuario malicioso con acceso local ejecute c\u00f3digo en el sistema." } ], "id": "CVE-2019-6154", "lastModified": "2024-11-21T04:46:02.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@lenovo.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-10T17:29:00.400", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-25401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-25401" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
lenovo | system_update | * | |
lenovo | b_series | - | |
lenovo | c100 | - | |
lenovo | c200 | - | |
lenovo | e_series | - | |
lenovo | j100 | - | |
lenovo | j105 | - | |
lenovo | j110 | - | |
lenovo | j115 | - | |
lenovo | j200 | - | |
lenovo | j200p | - | |
lenovo | j205 | - | |
lenovo | k_series | - | |
lenovo | n100 | - | |
lenovo | n200 | - | |
lenovo | s200 | - | |
lenovo | s200p | - | |
lenovo | s205 | - | |
lenovo | thinkcentre | - | |
lenovo | thinkpad | - | |
lenovo | thinkstation | - | |
lenovo | v_series | - | |
lenovo | v100 | - | |
lenovo | v200 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "matchCriteriaId": "425E8D8C-9D57-421C-B9D8-91570342F37C", "versionEndExcluding": "5.07.0084", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:b_series:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF35A407-04DB-4484-8C92-44E9CA35784B", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:c100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2679679A-86BF-4346-B49A-1CF59066A3C7", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:c200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF289431-1E47-4AAE-9664-CB70EBDBE835", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:e_series:-:*:*:*:*:*:*:*", "matchCriteriaId": "20A22C95-1285-46B8-A9BB-8BE1D7824C41", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j100:-:*:*:*:*:*:*:*", "matchCriteriaId": "59F2C7AD-9AC4-4582-952B-561D86C98BB5", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j105:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B7C3A94-C947-47CF-94EF-A36D51E568A9", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j110:-:*:*:*:*:*:*:*", "matchCriteriaId": "72664BC5-3936-455A-AF94-96686CD4E3B4", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j115:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B111141-88BD-46D8-9FE1-2D72CD9D9383", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j200:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CAC20A5-7F62-4BEF-A489-B14EC1AF24C0", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j200p:-:*:*:*:*:*:*:*", "matchCriteriaId": "165777CC-AEA0-4AF6-813A-0BCF19C011B7", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:j205:-:*:*:*:*:*:*:*", "matchCriteriaId": "56E48F87-3FAE-4AFB-B691-F60CAA0D264C", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:k_series:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C2A201-9452-4753-AB38-29F7B53E3C4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:n100:-:*:*:*:*:*:*:*", "matchCriteriaId": "969C2FCE-A6C7-4D61-8ECC-CAE595829EAD", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:n200:-:*:*:*:*:*:*:*", "matchCriteriaId": "414F3F97-0D2C-4B3A-B5AB-59B308652FD7", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:s200:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CD73A62-B205-4D80-9516-F1603198E0E8", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:s200p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C10BB43C-D47F-4CA1-B69C-CAB260D58EE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:s205:-:*:*:*:*:*:*:*", "matchCriteriaId": "25405CB9-280E-4EDD-A2AE-3869F781BE66", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v_series:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4199C75-BB7A-4F1B-911B-28FCB859474E", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F32E145-62E2-4A52-8E48-C5CD9CBFB1C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v200:-:*:*:*:*:*:*:*", "matchCriteriaId": "547B731E-658D-4312-BDC2-22A3F584833E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations." }, { "lang": "es", "value": "Se comunic\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en Lenovo System Update en versiones anteriores a la 5.07.0084 que podr\u00eda permitir que los archivos de registro de servicio sean escritos en ubicaciones no standard." } ], "id": "CVE-2019-6163", "lastModified": "2024-11-21T04:46:03.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-26T14:15:10.107", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/solutions/LEN-27348" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2019-6154
Vulnerability from cvelistv5
Published
2019-04-10 17:04
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-25401 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Lenovo Bootable Generator |
Version: unspecified < Mar-2019 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-25401" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Lenovo Bootable Generator", "vendor": "Lenovo", "versions": [ { "lessThan": "Mar-2019", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue." } ], "datePublic": "2019-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-10T17:04:19", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-25401" } ], "solutions": [ { "lang": "en", "value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)." } ], "source": { "advisory": "LEN-25401", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-04-04T19:00:00.000Z", "ID": "CVE-2019-6154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Lenovo Bootable Generator", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "Mar-2019" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-25401", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-25401" } ] }, "solution": [ { "lang": "en", "value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)." } ], "source": { "advisory": "LEN-25401", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6154", "datePublished": "2019-04-10T17:04:19.857324Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-17T02:06:09.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6163
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27348 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | System Update |
Version: unspecified < 5.07.0084 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:23.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "System Update", "vendor": "Lenovo", "versions": [ { "lessThan": "5.07.0084", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "privilege escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-13T18:56:07", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27348" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." } ], "source": { "advisory": "LEN-27348", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "System Update", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "5.07.0084" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "privilege escalation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27348", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27348" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)." } ], "source": { "advisory": "LEN-27348", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6163", "datePublished": "2019-06-26T14:12:34.696699Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T23:41:01.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6166
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "cross-site request forgery", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "cross-site request forgery" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6166", "datePublished": "2019-06-26T14:12:34.747569Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T17:14:55.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6169
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "unencrypted downloads over FTP", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6169", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unencrypted downloads over FTP" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6169", "datePublished": "2019-06-26T14:12:34.865362Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T20:32:51.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6168
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6168", "datePublished": "2019-06-26T14:12:34.822409Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T23:41:33.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6167
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:02
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
▼ | URL | Tags |
---|---|---|
https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Service Bridge", "vendor": "Lenovo", "versions": [ { "lessThan": "4.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "datePublic": "2019-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-26T14:12:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27725" } ], "solutions": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-06-25T16:00:00.000Z", "ID": "CVE-2019-6167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Service Bridge", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_value": "4.1.0.1" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27725", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27725" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)." } ], "source": { "advisory": "LEN-27725", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6167", "datePublished": "2019-06-26T14:12:34.783642Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T17:02:52.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }