Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-04 | CVE-2017-3775 | Improper Authentication vulnerability in Lenovo products Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. | 6.4 |
| 2018-04-23 | CVE-2017-17833 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | 9.8 |
| 2018-04-19 | CVE-2017-3776 | Information Exposure vulnerability in Lenovo Help Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | 7.5 |
| 2018-04-19 | CVE-2017-3774 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo Integrated Management Module 2 4.70 A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. | 9.8 |
| 2018-01-26 | CVE-2017-3762 | Use of Hard-coded Credentials vulnerability in Lenovo Fingerprint Manager PRO 8.01.86 Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | 7.8 |
| 2018-01-10 | CVE-2017-3765 | Improper Authentication vulnerability in Lenovo Enterprise Network Operating System 8.4.0.0 In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. | 7.0 |
| 2017-11-30 | CVE-2017-3764 | Information Exposure vulnerability in Lenovo Xclarity Administrator A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. | 5.3 |
| 2017-10-26 | CVE-2017-3771 | Unspecified vulnerability in Lenovo products System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | 7.5 |
| 2017-10-17 | CVE-2017-3761 | OS Command Injection vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. | 9.8 |
| 2017-10-17 | CVE-2017-3760 | Insufficiently Protected Credentials vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. | 8.1 |