← Back

Lenovo

lenovo

395 CVEs • 4,474 products

Products (4,474)

Click to collapse
Toggle
Thinkcentre M625q Firmware
thinkcentre_m625q_firmware
28 CVEs
Xclarity Administrator
xclarity_administrator
27 CVEs
Ideacentre 5 14iob6 Firmware
ideacentre_5-14iob6_firmware
27 CVEs
Ideacentre G5 14imb05 Firmware
ideacentre_g5-14imb05_firmware
27 CVEs
Ideacentre Gaming 5 14iob6 Firmware
ideacentre_gaming_5-14iob6_firmware
27 CVEs
Thinkcentre M75n Firmware
thinkcentre_m75n_firmware
27 CVEs
V50t 13imb Firmware
v50t-13imb_firmware
27 CVEs
Ideacentre 3 07imb05 Firmware
ideacentre_3-07imb05_firmware
26 CVEs
Ideacentre Creator 5 14iob6 Firmware
ideacentre_creator_5-14iob6_firmware
26 CVEs
Thinkcentre M75s Gen 2 Firmware
thinkcentre_m75s_gen_2_firmware
26 CVEs
Thinkcentre M75t Gen 2 Firmware
thinkcentre_m75t_gen_2_firmware
26 CVEs
V30a 22iml Firmware
v30a-22iml_firmware
26 CVEs
V50s 07imb Firmware
v50s-07imb_firmware
26 CVEs
Ideacentre C5 14imb05 Firmware
ideacentre_c5-14imb05_firmware
26 CVEs
Thinkcentre M80t Firmware
thinkcentre_m80t_firmware
25 CVEs
Thinkcentre M80s Firmware
thinkcentre_m80s_firmware
25 CVEs
Thinkcentre M90s Firmware
thinkcentre_m90s_firmware
25 CVEs
Thinkcentre M70c Firmware
thinkcentre_m70c_firmware
25 CVEs
Thinkcentre M70q Firmware
thinkcentre_m70q_firmware
25 CVEs
Thinkcentre M80q Firmware
thinkcentre_m80q_firmware
25 CVEs
Thinkcentre M90a Firmware
thinkcentre_m90a_firmware
25 CVEs
Thinkcentre M90q Tiny Firmware
thinkcentre_m90q_tiny_firmware
25 CVEs
V50a 24imb Firmware
v50a-24imb_firmware
25 CVEs
V50a 22imb Firmware
v50a-22imb_firmware
25 CVEs
Thinkedge Se30 Firmware
thinkedge_se30_firmware
25 CVEs
V30a 24iml Firmware
v30a-24iml_firmware
25 CVEs
Legion T7 34imz5 Firmware
legion_t7-34imz5_firmware
25 CVEs
Ideacentre 3 07ada05 Firmware
ideacentre_3-07ada05_firmware
25 CVEs
Ideacentre G5 14amr05 Firmware
ideacentre_g5-14amr05_firmware
25 CVEs
V55t Gen 2 13acn Firmware
v55t_gen_2_13acn_firmware
25 CVEs
Thinkcentre M90t Firmware
thinkcentre_m90t_firmware
24 CVEs
Thinkcentre M630e Firmware
thinkcentre_m630e_firmware
24 CVEs
Thinkcentre M70s Firmware
thinkcentre_m70s_firmware
24 CVEs
Thinkcentre M70t Firmware
thinkcentre_m70t_firmware
24 CVEs
Thinkcentre M75q Gen 2 Firmware
thinkcentre_m75q_gen_2_firmware
23 CVEs
Ideacentre 5 14imb05 Firmware
ideacentre_5-14imb05_firmware
22 CVEs
Ideacentre Mini 5 01imh05 Firmware
ideacentre_mini_5-01imh05_firmware
22 CVEs
Thinkstation P320 Workstation Firmware
thinkstation_p320_workstation_firmware
21 CVEs
Thinkstation P330 Workstation Firmware
thinkstation_p330_workstation_firmware
21 CVEs
Thinkstation P330 Workstation 2nd Gen Firmware
thinkstation_p330_workstation_2nd_gen_firmware
21 CVEs
Thinkstation P340 Tiny Workstation Firmware
thinkstation_p340_tiny_workstation_firmware
21 CVEs
Thinkstation P340 Workstation Firmware
thinkstation_p340_workstation_firmware
21 CVEs
Thinkstation P348 Workstation Firmware
thinkstation_p348_workstation_firmware
21 CVEs
Thinkstation P350 Workstation Firmware
thinkstation_p350_workstation_firmware
21 CVEs
Thinkstation P520 Workstation Firmware
thinkstation_p520_workstation_firmware
21 CVEs
Thinkstation P520c Workstation Firmware
thinkstation_p520c_workstation_firmware
21 CVEs
Thinkstation P720 Workstation Firmware
thinkstation_p720_workstation_firmware
21 CVEs
Thinkstation P920 Workstation Firmware
thinkstation_p920_workstation_firmware
21 CVEs
Ideacentre Mini 5 01iaq7 Firmware
ideacentre_mini_5_01iaq7_firmware
21 CVEs
Ideacentre Aio 3 27itl6 Firmware
ideacentre_aio_3-27itl6_firmware
20 CVEs
Ideacentre Aio 3 24itl6 Firmware
ideacentre_aio_3-24itl6_firmware
20 CVEs
Ideacentre Aio 3 22itl6 Firmware
ideacentre_aio_3-22itl6_firmware
20 CVEs
Ideacentre 5 14iab7 Firmware
ideacentre_5_14iab7_firmware
20 CVEs
Ideacentre 5 14acn6 Firmware
ideacentre_5-14acn6_firmware
20 CVEs
Ideacentre Gaming 5 17acn7 Firmware
ideacentre_gaming_5_17acn7_firmware
20 CVEs
Ideacentre Gaming 5 17iab7 Firmware
ideacentre_gaming_5_17iab7_firmware
20 CVEs
Ideacentre Gaming 5 14acn6 Firmware
ideacentre_gaming_5-14acn6_firmware
20 CVEs
Thinkcentre M920z All In One Firmware
thinkcentre_m920z_all-in-one_firmware
20 CVEs
V50t 13imh Firmware
v50t-13imh_firmware
20 CVEs
Thinkstation P360 Workstation Firmware
thinkstation_p360_workstation_firmware
20 CVEs
Thinkcentre M70q Gen 2 Firmware
thinkcentre_m70q_gen_2_firmware
19 CVEs
Thinkcentre M70s Gen 3 Firmware
thinkcentre_m70s_gen_3_firmware
19 CVEs
Thinkcentre M70t Gen 3 Firmware
thinkcentre_m70t_gen_3_firmware
19 CVEs
Thinkcentre M90q Gen 2 Firmware
thinkcentre_m90q_gen_2_firmware
19 CVEs
Pcmanager
pcmanager
18 CVEs
Ideacentre Aio 3 24iil5 Firmware
ideacentre_aio_3-24iil5_firmware
18 CVEs
Ideacentre Aio 3 22iil5 Firmware
ideacentre_aio_3-22iil5_firmware
18 CVEs
Thinkcentre M90a (gen 2) Firmware
thinkcentre_m90a_(gen_2)_firmware
18 CVEs
Thinkcentre Neo 50t Gen 3 Firmware
thinkcentre_neo_50t_gen_3_firmware
18 CVEs
Ideacentre T540 15ama G Firmware
ideacentre_t540-15ama_g_firmware
18 CVEs
Ideacentre Aio 3 24alc6 Firmware
ideacentre_aio_3-24alc6_firmware
17 CVEs
Ideacentre Aio 3 22imb05 Firmware
ideacentre_aio_3-22imb05_firmware
17 CVEs
Ideacentre Aio 3 24imb05 Firmware
ideacentre_aio_3-24imb05_firmware
17 CVEs
Ideacentre Aio 3 27imb05 Firmware
ideacentre_aio_3-27imb05_firmware
17 CVEs
Ideacentre Aio 3 21itl7 Firmware
ideacentre_aio_3_21itl7_firmware
17 CVEs
V30a 22itl Firmware
v30a-22itl_firmware
17 CVEs
V30a 24itl Firmware
v30a-24itl_firmware
17 CVEs
Thinkstation P350 Tiny Workstation Firmware
thinkstation_p350_tiny_workstation_firmware
16 CVEs
Thinkstation P360 Tiny Workstation Firmware
thinkstation_p360_tiny_workstation_firmware
16 CVEs
Ideacentre Aio 3 22iap7 Firmware
ideacentre_aio_3_22iap7_firmware
16 CVEs
Ideacentre Aio 3 24iap7 Firmware
ideacentre_aio_3_24iap7_firmware
16 CVEs
Ideacentre Aio 3 27iap7 Firmware
ideacentre_aio_3_27iap7_firmware
16 CVEs
Ideacentre Aio 5 24iah7 Firmware
ideacentre_aio_5_24iah7_firmware
16 CVEs
Ideacentre Aio 5 27iah7 Firmware
ideacentre_aio_5_27iah7_firmware
16 CVEs
Legion T7 34iaz7 Firmware
legion_t7-34iaz7_firmware
16 CVEs
Thinkcentre M80q Gen 3 Firmware
thinkcentre_m80q_gen_3_firmware
16 CVEs
Thinkcentre M80s Gen 3 Firmware
thinkcentre_m80s_gen_3_firmware
16 CVEs
Thinkcentre M80t Gen 3 Firmware
thinkcentre_m80t_gen_3_firmware
16 CVEs
Thinkcentre M90a Gen 3 Firmware
thinkcentre_m90a_gen_3_firmware
16 CVEs
Thinkcentre M90a Pro Gen 3 Firmware
thinkcentre_m90a_pro_gen_3_firmware
16 CVEs
Thinkcentre M90q Gen 3 Firmware
thinkcentre_m90q_gen_3_firmware
16 CVEs
Thinkcentre M90s Gen 3 Firmware
thinkcentre_m90s_gen_3_firmware
16 CVEs
Thinkcentre M90t Gen 3 Firmware
thinkcentre_m90t_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 22 Gen 3 Firmware
thinkcentre_neo_30a_22_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 24 Gen 3 Firmware
thinkcentre_neo_30a_24_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 27 Gen 3 Firmware
thinkcentre_neo_30a_27_gen_3_firmware
16 CVEs
Thinkcentre Neo 70t Gen 3 Firmware
thinkcentre_neo_70t_gen_3_firmware
16 CVEs
System Update
system_update
15 CVEs
Thinkstation P920 Firmware
thinkstation_p920_firmware
15 CVEs
Thinkcentre M920q Firmware
thinkcentre_m920q_firmware
15 CVEs

CVEs (395)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-3417
1Lenovo
1Xclarity Orchestrator
Nov 21, 2024
Mar 9, 2021
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log f...Show more
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.Show less
CVE-2020-8357
1Lenovo
1Pcmanager
Nov 21, 2024
Mar 9, 2021
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
CVE-2020-8356
1Lenovo
1Xclarity Orchestrator
Nov 21, 2024
Mar 9, 2021
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected lo...Show more
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.Show less
CVE-2020-8355
1Lenovo
1Xclarity Administrator
Nov 21, 2024
Feb 10, 2021
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captur...Show more
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.Show less
CVE-2020-8351
1Lenovo
1Pcmanager
Nov 21, 2024
Nov 30, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
CVE-2020-8354
1Lenovo
1Notebook Firmware
Nov 21, 2024
Nov 11, 2020
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
CVE-2020-8353
1Lenovo
14Thinkcentre M80s Firmware
Thinkcentre M80t FirmwareThinkcentre M90s Firmware+11 more
Nov 21, 2024
Nov 11, 2020
N/A· v4
6.7 MEDIUM· v3
4.6 MEDIUM· v2
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access...Show more
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.Show less
CVE-2020-8352
1Lenovo
16Qitian 4500 Firmware
Qitian B4550 FirmwareQitian M4550 Firmware+13 more
Nov 21, 2024
Nov 11, 2020
N/A· v4
2.4 LOW· v3
2.1 LOW· v2
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
CVE-2020-8350
1Lenovo
1Thinkpad Stack Wireless Router Firmware
Nov 21, 2024
Oct 14, 2020
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.
CVE-2020-8349
1Lenovo
1Cloud Networking Operating System
Nov 21, 2024
Oct 14, 2020
N/A· v4
9.8 CRITICAL· v3
6.8 MEDIUM· v2
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default...Show more
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.Show less
CVE-2020-8345
1Lenovo
1Hardware Scan
Nov 21, 2024
Oct 14, 2020
N/A· v4
7.8 HIGH· v3
4.4 MEDIUM· v2
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
CVE-2020-8338
1Lenovo
1Diagnostics
Nov 21, 2024
Oct 14, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
CVE-2020-8332
1Lenovo
18Bladecenter Hs23 Firmware
Bladecenter Hs23e FirmwareCompute Node X440 Firmware+15 more
Nov 21, 2024
Oct 14, 2020
N/A· v4
6.4 MEDIUM· v3
6.9 MEDIUM· v2
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not af...Show more
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.Show less
CVE-2020-8348
1Lenovo
1Enterprise Network Disk
Nov 21, 2024
Sep 24, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser sess...Show more
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.Show less
CVE-2020-8347
1Lenovo
1Enterprise Network Disk
Nov 21, 2024
Sep 24, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafte...Show more
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.Show less
CVE-2020-8333
1Lenovo
2763 Firmware
H50 30g FirmwareM4500 Firmware+24 more
Nov 21, 2024
Sep 24, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
CVE-2020-8346
1Lenovo
1System Interface Foundation
Nov 21, 2024
Sep 15, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locati...Show more
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.Show less
CVE-2020-8342
1Lenovo
1System Update
Nov 21, 2024
Sep 15, 2020
N/A· v4
7.0 HIGH· v3
6.9 MEDIUM· v2
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
CVE-2020-8340
1Lenovo
1Integrated Management Module 2
Nov 21, 2024
Sep 15, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface d...Show more
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.Show less
CVE-2020-8341
1Lenovo
10Thinkpad T490 (20nx) Firmware
Thinkpad T490 (20qx) FirmwareThinkpad T490 (20rx) Firmware+7 more
Nov 21, 2024
Sep 1, 2020
N/A· v4
2.4 LOW· v3
2.1 LOW· v2
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After...Show more
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.Show less