VAR-201705-2454
Vulnerability from variot - Updated: 2025-04-20 23:38The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Lenovo Solution Center There are multiple vulnerabilities in the attacker SYSTEM Arbitrary code execution with privileges is possible. This process 55555 Using the number port HTTP daemon By running GET Request or POST By request LSCController.dll The execution of the method in the module is realized. LSCController.dll Contains a number of unsafe methods. That 1 One RunInstaller Is %APPDATA%\LSC\Local Store Designed to carry arbitrary code placed in a directory. This directory is created for all users who can log in to the system, so users can write to this directory without having system administrator privileges. By exploiting this vulnerability, ordinary users can SYSTEM Arbitrary code can be executed with authority. CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html Directory traversal (CWE-22) By exploiting a directory traversal vulnerability, an attacker can execute code that resides anywhere on the drive where the user profile resides. If an attacker can place arbitrary code in a predictable location on a vulnerable system, the attacker SYSTEM Arbitrary code can be executed with authority. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.html Cross-site request forgery (CWE-352) Lenovo Solution Center of LSCTaskService There is a cross-site request forgery (CSRF) Vulnerabilities exist. CSRF The attacker can use a malicious or specially crafted website. SYSTEM You can execute code with authorization. CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html All of these vulnerabilities are Lenovo Solution Center It is considered that the condition of establishment is that it is activated once. Also Lenovo Solution Center By ending LSCTaskService The process is likely to stop. Lenovo Expresses the following views: "Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available." Lenovo Recently partnered with cyber security partners CERT/CC From Lenovo Solution Center (LSC) I was informed about the vulnerabilities. We are reviewing the vulnerabilities report as a top priority and are willing to provide updates and necessary fixes as soon as possible. For further information and updates Lenovo Will be posted on the Security Advisory page. Lenovo Security Advisory page https://support.lenovo.com/us/en/product_security/len_4326Lenovo Solution Center Crafted by the user who started HTML document ( website, HTML Email, attached file, etc. ) By browsing the attacker, SYSTEM It is possible to execute arbitrary code with authority. Users who can log into the system themselves SYSTEM It is also possible to execute arbitrary code with privileges. Lenovo Solution Center (LSC) is a set of software used by China's Lenovo to help users quickly identify the health status of the system, network connection, and security status of the entire system. Attackers can use these vulnerabilities to perform unauthorized operations and obtain sensitive information. A local attacker can exploit this vulnerability to gain elevated privileges. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-2454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solution center",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "solution center",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "3.3.0001"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "solution center",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "3.3.0001"
},
{
"model": "solution center",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#294607"
},
{
"db": "BID",
"id": "78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:solution_center",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TheWack0lian",
"sources": [
{
"db": "BID",
"id": "78556"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
}
],
"trust": 1.5
},
"cve": "CVE-2016-1876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1876",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-006112",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-90695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-1876",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1876",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1876",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2015-006112",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-293",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90695"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Lenovo Solution Center There are multiple vulnerabilities in the attacker SYSTEM Arbitrary code execution with privileges is possible. This process 55555 Using the number port HTTP daemon By running GET Request or POST By request LSCController.dll The execution of the method in the module is realized. LSCController.dll Contains a number of unsafe methods. That 1 One RunInstaller Is %APPDATA%\\LSC\\Local Store Designed to carry arbitrary code placed in a directory. This directory is created for all users who can log in to the system, so users can write to this directory without having system administrator privileges. By exploiting this vulnerability, ordinary users can SYSTEM Arbitrary code can be executed with authority. CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html Directory traversal (CWE-22) By exploiting a directory traversal vulnerability, an attacker can execute code that resides anywhere on the drive where the user profile resides. If an attacker can place arbitrary code in a predictable location on a vulnerable system, the attacker SYSTEM Arbitrary code can be executed with authority. CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) http://cwe.mitre.org/data/definitions/22.html Cross-site request forgery (CWE-352) Lenovo Solution Center of LSCTaskService There is a cross-site request forgery (CSRF) Vulnerabilities exist. CSRF The attacker can use a malicious or specially crafted website. SYSTEM You can execute code with authorization. CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html All of these vulnerabilities are Lenovo Solution Center It is considered that the condition of establishment is that it is activated once. Also Lenovo Solution Center By ending LSCTaskService The process is likely to stop. Lenovo Expresses the following views: \"Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available.\" Lenovo Recently partnered with cyber security partners CERT/CC From Lenovo Solution Center (LSC) I was informed about the vulnerabilities. We are reviewing the vulnerabilities report as a top priority and are willing to provide updates and necessary fixes as soon as possible. For further information and updates Lenovo Will be posted on the Security Advisory page. Lenovo Security Advisory page https://support.lenovo.com/us/en/product_security/len_4326Lenovo Solution Center Crafted by the user who started HTML document ( website, HTML Email, attached file, etc. ) By browsing the attacker, SYSTEM It is possible to execute arbitrary code with authority. Users who can log into the system themselves SYSTEM It is also possible to execute arbitrary code with privileges. Lenovo Solution Center (LSC) is a set of software used by China\u0027s Lenovo to help users quickly identify the health status of the system, network connection, and security status of the entire system. Attackers can use these vulnerabilities to perform unauthorized operations and obtain sensitive information. \nA local attacker can exploit this vulnerability to gain elevated privileges. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1876"
},
{
"db": "CERT/CC",
"id": "VU#294607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"db": "BID",
"id": "78555"
},
{
"db": "BID",
"id": "78556"
},
{
"db": "VULHUB",
"id": "VHN-90695"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1876",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#294607",
"trust": 2.2
},
{
"db": "BID",
"id": "78555",
"trust": 1.0
},
{
"db": "BID",
"id": "78556",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94912021",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90695",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#294607"
},
{
"db": "VULHUB",
"id": "VHN-90695"
},
{
"db": "BID",
"id": "78555"
},
{
"db": "BID",
"id": "78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"id": "VAR-201705-2454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90695"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:38:31.502000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-4326",
"trust": 1.6,
"url": "https://support.lenovo.com/jp/ja/product_security/len_4326"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-22",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90695"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://support.lenovo.com/us/en/product_security/len_4326"
},
{
"trust": 1.6,
"url": "http://rol.im/oemdrop/"
},
{
"trust": 1.4,
"url": "http://www.kb.cert.org/vuls/id/294607"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1876"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1876"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94912021/index.html"
},
{
"trust": 0.6,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/78556"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/78555"
},
{
"trust": 0.3,
"url": "https://www.trustwave.com/resources/security-advisories/advisories/twsl2016-009/?fid=7895"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#294607"
},
{
"db": "VULHUB",
"id": "VHN-90695"
},
{
"db": "BID",
"id": "78555"
},
{
"db": "BID",
"id": "78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#294607"
},
{
"db": "VULHUB",
"id": "VHN-90695"
},
{
"db": "BID",
"id": "78555"
},
{
"db": "BID",
"id": "78556"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-04T00:00:00",
"db": "CERT/CC",
"id": "VU#294607"
},
{
"date": "2017-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-90695"
},
{
"date": "2015-12-04T00:00:00",
"db": "BID",
"id": "78555"
},
{
"date": "2015-12-04T00:00:00",
"db": "BID",
"id": "78556"
},
{
"date": "2017-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"date": "2015-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"date": "2017-05-23T04:29:01.243000",
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-22T00:00:00",
"db": "CERT/CC",
"id": "VU#294607"
},
{
"date": "2017-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-90695"
},
{
"date": "2016-07-06T14:42:00",
"db": "BID",
"id": "78555"
},
{
"date": "2015-12-04T00:00:00",
"db": "BID",
"id": "78556"
},
{
"date": "2017-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008606"
},
{
"date": "2015-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006112"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-292"
},
{
"date": "2017-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-293"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-1876"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "78555"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-293"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF",
"sources": [
{
"db": "CERT/CC",
"id": "VU#294607"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-292"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…