Vulnerabilities > Lenovo > IX4 300D Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-28 | CVE-2018-9082 | Session Fixation vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. | 8.8 |
2018-09-28 | CVE-2018-9078 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. | 8.8 |