Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2018-01-26 CVE-2017-3762 Use of Hard-coded Credentials vulnerability in Lenovo Fingerprint Manager PRO 8.01.86
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
local
low complexity
lenovo CWE-798
7.8
2018-01-10 CVE-2017-3765 Improper Authentication vulnerability in Lenovo Enterprise Network Operating System 8.4.0.0
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces.
local
high complexity
lenovo CWE-287
7.0
2017-11-30 CVE-2017-3764 Information Exposure vulnerability in Lenovo Xclarity Administrator
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface.
network
low complexity
lenovo CWE-200
5.3
2017-10-26 CVE-2017-3771 Unspecified vulnerability in Lenovo products
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
network
low complexity
lenovo
7.5
2017-10-17 CVE-2017-3761 OS Command Injection vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input.
network
low complexity
lenovo CWE-78
critical
9.8
2017-10-17 CVE-2017-3760 Insufficiently Protected Credentials vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data.
network
high complexity
lenovo CWE-522
8.1
2017-10-17 CVE-2017-3759 Improper Input Validation vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application accepts some responses from the server without proper validation.
network
high complexity
lenovo CWE-20
8.1
2017-10-17 CVE-2017-3758 Unspecified vulnerability in Lenovo Service Framework
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
network
low complexity
lenovo
critical
9.8
2017-10-03 CVE-2015-6971 Command Injection vulnerability in Lenovo System Update 5.06.0027/5.06.0034
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
local
low complexity
lenovo CWE-77
7.8
2017-10-03 CVE-2015-3321 Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
local
low complexity
lenovo CWE-264
6.7