Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2020-8356 Cleartext Transmission of Sensitive Information vulnerability in Lenovo Xclarity Orchestrator 1.0.0/1.1.0/1.2.0
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text.
network
low complexity
lenovo CWE-319
4.9
2021-02-10 CVE-2020-8355 Cleartext Transmission of Sensitive Information vulnerability in Lenovo Xclarity Administrator
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating.
network
low complexity
lenovo CWE-319
4.9
2020-11-30 CVE-2020-8351 Improper Privilege Management vulnerability in Lenovo Pcmanager 2.6.40.3154/2.8.90.11211
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
local
low complexity
lenovo CWE-269
7.8
2020-11-11 CVE-2020-8354 Unspecified vulnerability in Lenovo Notebook Firmware
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
local
low complexity
lenovo
6.7
2020-11-11 CVE-2020-8353 Unspecified vulnerability in Lenovo products
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled.
local
low complexity
lenovo
6.7
2020-11-11 CVE-2020-8352 Unspecified vulnerability in Lenovo products
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
low complexity
lenovo
2.4
2020-10-14 CVE-2020-8350 Improper Authentication vulnerability in Lenovo Thinkpad Stack Wireless Router Firmware 1.1.3.4
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.
low complexity
lenovo CWE-287
8.8
2020-10-14 CVE-2020-8349 Code Injection vulnerability in Lenovo Cloud Networking Operating System
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface.
network
low complexity
lenovo CWE-94
critical
9.8
2020-10-14 CVE-2020-8345 Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
local
low complexity
lenovo CWE-427
7.8
2020-10-14 CVE-2020-8338 Untrusted Search Path vulnerability in Lenovo Diagnostics
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
local
low complexity
lenovo CWE-426
7.8