Lenovo: Security Vulnerabilities
Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-27
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-25
An authenticated XCC user can change permissions for any user through a crafted API command.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-25
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
4.1
EPSS Score
0.001
Published
2023-10-25
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-25
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-25
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.846
Published
2023-10-25
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-25
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-09
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-09