Lenovo: Security Vulnerabilities
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2019-06-26
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-06-26
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Score
7.4
EPSS Score
0.016
Published
2019-06-13
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.3
EPSS Score
0.001
Published
2019-06-13
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
CVSS Score
8.7
EPSS Score
0.003
Published
2019-05-03
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-04-22
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-04-10
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-04-10
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-03-18
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206
CVSS Score
7.8
EPSS Score
0.001
Published
2019-03-14