Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 7.2 HIGH | 7.8 HIGH |
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||||
CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||||
CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 5.0 MEDIUM | 7.5 HIGH |
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | |||||
CVE-2016-8230 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 5.0 MEDIUM | 7.5 HIGH |
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. |