Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for lenovo_service_bridge by lenovo

    CVE-2016-8231 (GCVE-0-2016-8231)

    Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
    Severity
    No CVSS data available.
    CWE
    • Insecure code signing certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure code signing certificate validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure code signing certificate validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8231",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8230 (GCVE-0-2016-8230)

    Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
    Severity
    No CVSS data available.
    CWE
    • Insecure HTTP connection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure HTTP connection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure HTTP connection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8230",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8229 (GCVE-0-2016-8229)

    Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
    Severity
    No CVSS data available.
    CWE
    • CSRF
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8229",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8228 (GCVE-0-2016-8228)

    Vulnerability from nvd – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8228",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8230 (GCVE-0-2016-8230)

    Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
    Severity
    No CVSS data available.
    CWE
    • Insecure HTTP connection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure HTTP connection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo\u0027s servers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure HTTP connection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8230",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8231 (GCVE-0-2016-8231)

    Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
    Severity
    No CVSS data available.
    CWE
    • Insecure code signing certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure code signing certificate validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure code signing certificate validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8231",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8228 (GCVE-0-2016-8228)

    Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8228",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8229 (GCVE-0-2016-8229)

    Vulnerability from cvelistv5 – Published: 2017-06-03 00:00 – Updated: 2024-08-06 02:13
    VLAI
    Summary
    A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
    Severity
    No CVSS data available.
    CWE
    • CSRF
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Service Bridge Affected: Earlier than version 4
    Create a notification for this product.
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:13:21.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Bridge",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than version 4"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-02T23:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2016-8229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Service Bridge",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than version 4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-10149",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-10149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2016-8229",
        "datePublished": "2017-06-03T00:00:00.000Z",
        "dateReserved": "2016-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:13:21.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }