Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2020-03-13 CVE-2019-19756 Information Exposure Through Log Files vulnerability in Lenovo XClarity Administrator 2.6.0
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text.
local
low complexity
lenovo CWE-532
6.0
2020-02-14 CVE-2019-6195 Improper Privilege Management vulnerability in Lenovo XClarity Controller
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out.
network
high complexity
lenovo CWE-269
4.8
2020-02-14 CVE-2019-6194 XXE vulnerability in Lenovo XClarity Administrator
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
local
low complexity
lenovo CWE-611
5.5
2020-02-14 CVE-2019-6193 Information Exposure vulnerability in Lenovo XClarity Administrator
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
network
low complexity
lenovo CWE-200
7.5
2020-02-14 CVE-2019-6190 Improper Initialization vulnerability in Lenovo products
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
local
low complexity
lenovo CWE-665
5.5
2020-02-14 CVE-2019-19758 Open Redirect vulnerability in Lenovo products
A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
network
low complexity
lenovo CWE-601
6.1
2020-02-14 CVE-2019-19757 Cross-site Scripting vulnerability in Lenovo XClarity Administrator
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited.
network
low complexity
lenovo CWE-79
5.4
2019-12-10 CVE-2019-6192 Classic Buffer Overflow vulnerability in Lenovo Power Management Driver
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
local
low complexity
lenovo CWE-120
4.4
2019-12-10 CVE-2019-6183 Unspecified vulnerability in Lenovo Energy Management 15.11.29.1
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error.
network
low complexity
lenovo
7.5
2019-11-20 CVE-2019-6191 Unspecified vulnerability in Lenovo Paper 1.0.0.22
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
local
low complexity
lenovo
7.8