Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-12 | CVE-2015-7820 | Race Condition vulnerability in multiple products. Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. | 7.1 |
2015-11-12 | CVE-2015-7819 | Credentials Management vulnerability in multiple products. The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | 5.0 |
2015-11-12 | CVE-2015-7818 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | 7.2 |
2015-11-12 | CVE-2015-7817 | Race Condition vulnerability in multiple products. Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | 7.1 |
2015-05-12 | CVE-2015-2234 | Race Condition vulnerability in Lenovo System Update 5.06.0027. Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | 6.9 |
2015-05-12 | CVE-2015-2233 | Cryptographic Issues vulnerability in Lenovo System Update 5.06.0027. Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | 8.3 |
2015-05-12 | CVE-2015-2219 | Permissions, Privileges, and Access Controls vulnerability in Lenovo System Update 5.06.0027. Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | 7.2 |
2015-04-16 | CVE-2015-3324 | Cryptographic Issues vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware 118.71532. The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | 4.3 |
2015-04-16 | CVE-2015-3323 | Improper Input Validation vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware. The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | 5.0 |
2015-04-16 | CVE-2015-3322 | Cryptographic Issues vulnerability in Lenovo products. Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | 5.0 |