Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for Service Bridge by Lenovo

    CVE-2026-1636 (GCVE-0-2026-1636)

    Vulnerability from nvd – Published: 2026-04-15 12:27 – Updated: 2026-04-16 03:55
    VLAI
    Summary
    A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: 0 , < 5.0.2.20 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T03:55:27.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.0.2.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.0.2.20",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
                }
              ],
              "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T12:27:54.562Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-211071"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically. \u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.3.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2026-1636",
        "datePublished": "2026-04-15T12:27:54.562Z",
        "dateReserved": "2026-01-29T16:42:53.823Z",
        "dateUpdated": "2026-04-16T03:55:27.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4696 (GCVE-0-2024-4696)

    Vulnerability from nvd – Published: 2024-06-13 20:01 – Updated: 2024-08-01 20:47
    VLAI
    Summary
    A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: 0 , < 5.0.2.17 (custom)
    Create a notification for this product.
    lenovo service_bridge Affected: 0 , < 5.0.2.17 (custom)
        cpe:2.3:a:lenovo:service_bridge:5.0.2.17:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lenovo:service_bridge:5.0.2.17:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "service_bridge",
                "vendor": "lenovo",
                "versions": [
                  {
                    "lessThan": "5.0.2.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T15:39:25.962300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T15:40:41.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:47:41.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-163429"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.0.2.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.\u202f\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T20:01:18.145Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-163429"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2024-4696",
        "datePublished": "2024-06-13T20:01:18.145Z",
        "dateReserved": "2024-05-09T16:18:19.615Z",
        "dateUpdated": "2024-08-01T20:47:41.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6169 (GCVE-0-2019-6169)

    Vulnerability from nvd – Published: 2019-06-26 14:12 – Updated: 2024-09-16 20:32
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
    CWE
    • unencrypted downloads over FTP
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unencrypted downloads over FTP",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6169",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unencrypted downloads over FTP"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6169",
        "datePublished": "2019-06-26T14:12:34.865Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:51.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6168 (GCVE-0-2019-6168)

    Vulnerability from nvd – Published: 2019-06-26 14:12 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6168",
        "datePublished": "2019-06-26T14:12:34.822Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:33.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6167 (GCVE-0-2019-6167)

    Vulnerability from nvd – Published: 2019-06-26 14:12 – Updated: 2024-09-16 17:02
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6167",
        "datePublished": "2019-06-26T14:12:34.783Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:02:52.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6166 (GCVE-0-2019-6166)

    Vulnerability from nvd – Published: 2019-06-26 14:12 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
    CWE
    • cross-site request forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6166",
        "datePublished": "2019-06-26T14:12:34.747Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:55.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-1636 (GCVE-0-2026-1636)

    Vulnerability from cvelistv5 – Published: 2026-04-15 12:27 – Updated: 2026-04-16 03:55
    VLAI
    Summary
    A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: 0 , < 5.0.2.20 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T03:55:27.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.0.2.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.0.2.20",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
                }
              ],
              "value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T12:27:54.562Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-211071"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically. \u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.3.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2026-1636",
        "datePublished": "2026-04-15T12:27:54.562Z",
        "dateReserved": "2026-01-29T16:42:53.823Z",
        "dateUpdated": "2026-04-16T03:55:27.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4696 (GCVE-0-2024-4696)

    Vulnerability from cvelistv5 – Published: 2024-06-13 20:01 – Updated: 2024-08-01 20:47
    VLAI
    Summary
    A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: 0 , < 5.0.2.17 (custom)
    Create a notification for this product.
    lenovo service_bridge Affected: 0 , < 5.0.2.17 (custom)
        cpe:2.3:a:lenovo:service_bridge:5.0.2.17:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:lenovo:service_bridge:5.0.2.17:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "service_bridge",
                "vendor": "lenovo",
                "versions": [
                  {
                    "lessThan": "5.0.2.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T15:39:25.962300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T15:40:41.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:47:41.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-163429"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.0.2.17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.\u202f\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T20:01:18.145Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-163429"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Upgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2024-4696",
        "datePublished": "2024-06-13T20:01:18.145Z",
        "dateReserved": "2024-05-09T16:18:19.615Z",
        "dateUpdated": "2024-08-01T20:47:41.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6169 (GCVE-0-2019-6169)

    Vulnerability from cvelistv5 – Published: 2019-06-26 14:12 – Updated: 2024-09-16 20:32
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
    CWE
    • unencrypted downloads over FTP
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unencrypted downloads over FTP",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6169",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unencrypted downloads over FTP"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6169",
        "datePublished": "2019-06-26T14:12:34.865Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:32:51.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6168 (GCVE-0-2019-6168)

    Vulnerability from cvelistv5 – Published: 2019-06-26 14:12 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6168",
        "datePublished": "2019-06-26T14:12:34.822Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:33.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6167 (GCVE-0-2019-6167)

    Vulnerability from cvelistv5 – Published: 2019-06-26 14:12 – Updated: 2024-09-16 17:02
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6167",
        "datePublished": "2019-06-26T14:12:34.783Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:02:52.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6166 (GCVE-0-2019-6166)

    Vulnerability from cvelistv5 – Published: 2019-06-26 14:12 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
    CWE
    • cross-site request forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Service Bridge Affected: unspecified , < 4.1.0.1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Bill Demirkapi for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27725"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.1.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-26T14:12:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27725"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27725",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.1.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27725",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27725"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27725",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6166",
        "datePublished": "2019-06-26T14:12:34.747Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:55.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201706-0111

    Vulnerability from variot - Updated: 2025-04-20 23:13

    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0111",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "service bridge",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "service bridge",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": "4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:lenovo:lenovo_service_bridge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          }
        ]
      },
      "cve": "CVE-2016-8228",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8228",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-97048",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2016-8228",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8228",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8228",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-093",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97048",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8228",
            "trust": 2.5
          },
          {
            "db": "LENOVO",
            "id": "LEN-10149",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97048",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "id": "VAR-201706-0111",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:13:06.325000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LEN-10149",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/ja/product_security/len-10149"
          },
          {
            "title": "Lenovo Service Bridge Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70754"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-10149"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8228"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8228"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "date": "2017-06-04T21:29:00.187000",
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97048"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8228"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lenovo Service Bridge Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008619"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-093"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0114

    Vulnerability from variot - Updated: 2025-04-20 23:13

    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. Lenovo Service Bridge Contains a certificate validation vulnerability.Information may be tampered with. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0114",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "service bridge",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "service bridge",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": "4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:lenovo:lenovo_service_bridge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          }
        ]
      },
      "cve": "CVE-2016-8231",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8231",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97051",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8231",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8231",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8231",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-090",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97051",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. Lenovo Service Bridge Contains a certificate validation vulnerability.Information may be tampered with. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8231",
            "trust": 2.5
          },
          {
            "db": "LENOVO",
            "id": "LEN-10149",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97051",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "id": "VAR-201706-0114",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:13:06.300000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LEN-10149",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/ja/product_security/len-10149"
          },
          {
            "title": "Lenovo Service Bridge Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70751"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-10149"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8231"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8231"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "date": "2017-06-04T21:29:00.327000",
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97051"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8231"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lenovo Service Bridge Vulnerabilities related to certificate validation",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008622"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-090"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0112

    Vulnerability from variot - Updated: 2025-04-20 23:13

    A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A remote attacker could exploit this vulnerability to perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0112",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "service bridge",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "service bridge",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": "4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:lenovo:lenovo_service_bridge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          }
        ]
      },
      "cve": "CVE-2016-8229",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-8229",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-97049",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-8229",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8229",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8229",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-092",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97049",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-8229",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A remote attacker could exploit this vulnerability to perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8229",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-10149",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97049",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "id": "VAR-201706-0112",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:13:06.272000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LEN-10149",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/ja/product_security/len-10149"
          },
          {
            "title": "Lenovo Service Bridge Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70753"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://support.lenovo.com/us/en/product_security/len-10149"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8229"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8229"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "date": "2017-06-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "date": "2017-06-04T21:29:00.247000",
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97049"
          },
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8229"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8229"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lenovo Service Bridge Vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008620"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-092"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-0113

    Vulnerability from variot - Updated: 2025-04-20 23:13

    In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Lenovo Service Bridge Contains an information disclosure vulnerability.Information may be obtained

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0113",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "service bridge",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "service bridge",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": "4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:lenovo:lenovo_service_bridge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          }
        ]
      },
      "cve": "CVE-2016-8230",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8230",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97050",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8230",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8230",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8230",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201706-091",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97050",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers. Lenovo Service Bridge Contains an information disclosure vulnerability.Information may be obtained",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8230",
            "trust": 2.5
          },
          {
            "db": "LENOVO",
            "id": "LEN-10149",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97050",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "id": "VAR-201706-0113",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:13:06.247000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LEN-10149",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/ja/product_security/len-10149"
          },
          {
            "title": "Lenovo Service Bridge Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70752"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-10149"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8230"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8230"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "date": "2017-06-04T21:29:00.277000",
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97050"
          },
          {
            "date": "2017-06-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8230"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lenovo Service Bridge Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008621"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201706-091"
          }
        ],
        "trust": 0.6
      }
    }