Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2019-06-26 CVE-2019-6166 Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
network
low complexity
lenovo CWE-352
8.8
2019-06-26 CVE-2019-6163 Improper Resource Shutdown or Release vulnerability in Lenovo System Update
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
network
low complexity
lenovo CWE-404
7.5
2019-06-13 CVE-2019-0164 Permissions, Privileges, and Access Controls vulnerability in multiple products
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel lenovo CWE-264
7.3
2019-06-13 CVE-2019-0130 Cross-site Scripting vulnerability in multiple products
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
network
low complexity
intel lenovo CWE-79
7.4
2019-05-03 CVE-2019-6158 Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text.
network
high complexity
lenovo CWE-532
5.9
2019-04-22 CVE-2019-6157 Information Exposure Through Log Files vulnerability in multiple products
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
network
low complexity
lenovo ibm CWE-532
7.5
2019-04-10 CVE-2019-6156 Improper Locking vulnerability in Lenovo products
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash.
local
low complexity
lenovo CWE-667
3.3
2019-04-10 CVE-2019-6154 Untrusted Search Path vulnerability in Lenovo Bootable USB
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
local
low complexity
lenovo CWE-426
7.8
2019-03-18 CVE-2019-6149 Unquoted Search Path or Element vulnerability in Lenovo Dynamic Power Reduction
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
local
low complexity
lenovo CWE-428
6.7
2019-03-14 CVE-2019-0135 Permissions, Privileges, and Access Controls vulnerability in multiple products
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel lenovo CWE-264
7.8