CVEDB API

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.5%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2018-16091

Lenovo » Thinkagile Hx Enclosure 7x81 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-
Lenovo » Thinkagile Hx Enclosure 7y87 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-
Lenovo » Thinkagile Hx Enclosure 7z02 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-
Lenovo » Thinkagile Vx Enclosure 7y11 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-
Lenovo » Thinkagile Vx Enclosure 7y91 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-
Lenovo » Thinksystem D2 Enclosure 7x20 » Version: N/A

cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-
Lenovo » Thinksystem Modular Enclosure 7x22 » Version: N/A

cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-
Lenovo » System Management Module Firmware » Version: 1.05

cpe:2.3:o:lenovo:system_management_module_firmware:1.05