Vulnerabilities > Lenovo > EZ Media Backup Center Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9082 Session Fixation vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one.
network
low complexity
lenovo CWE-384
8.8
2018-09-28 CVE-2018-9078 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.
network
low complexity
lenovo CWE-79
8.8