Search
Find a vulnerability
Search criteria
4 vulnerabilities found for installation_package by lenovo
CVE-2019-6196 (GCVE-0-2019-6196)
Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-17 00:25
VLAI
Summary
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
Severity
6.7 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Installation Packages |
Affected:
unspecified , < 1.2.9.3
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installation Packages",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:34.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2019-6196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installation Packages",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-27431",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
]
},
"solution": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6196",
"datePublished": "2020-06-09T19:50:34.538Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:55.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6173 (GCVE-0-2019-6173)
Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-16 17:54
VLAI
Summary
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
Severity
6.7 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Installation Packages |
Affected:
unspecified , < 1.2.9.3
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installation Packages",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:33.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2019-6173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installation Packages",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-27431",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
]
},
"solution": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6173",
"datePublished": "2020-06-09T19:50:34.062Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:54.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6196 (GCVE-0-2019-6196)
Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-17 00:25
VLAI
Summary
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
Severity
6.7 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Installation Packages |
Affected:
unspecified , < 1.2.9.3
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installation Packages",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:34.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2019-6196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installation Packages",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-27431",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
]
},
"solution": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6196",
"datePublished": "2020-06-09T19:50:34.538Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:55.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6173 (GCVE-0-2019-6173)
Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-16 17:54
VLAI
Summary
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
Severity
6.7 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Installation Packages |
Affected:
unspecified , < 1.2.9.3
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installation Packages",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:33.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2019-6173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installation Packages",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-27431",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-27431"
}
]
},
"solution": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected."
}
],
"source": {
"advisory": "LEN-27431",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6173",
"datePublished": "2020-06-09T19:50:34.062Z",
"dateReserved": "2019-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:54.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}