Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
624 vulnerabilities
CVE-2025-10238 (GCVE-0-2025-10238)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:11 – Updated: 2026-06-10 16:05
VLAI
Summary
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | vendor-advisory |
Impacted products
108 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:05:49.022284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:05:54.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "BIOS: 1.13 / ECFW: 1.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "UEFI BIOS V1.22/ECP V1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E16 Gen 3 (Type 22AY, 22B0) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.62/1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.65/1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "BIOS: 1.40 / ECFW: 1.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "BIOS: 1.61 / ECFW: 1.57",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.51",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad R14 Gen 5 Type 21JM PRC BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.62/1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.69",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.39",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X9-15 Gen 1 (Type 21Q6, 21Q7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E16 Gen 3 (Type 21SR, 21SS) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.45/1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.51",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 3 (Type 21J5, 21J6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.63",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.76",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.48",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E15 Gen 4 (type 21ED 21EE) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Gen 7 Type 21BD BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38/1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.75",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E15 Gen 3 (Type 20YG, 20YH, 20YJ, 20YK) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.51",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.64",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.83",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Yoga Gen 6 Type 21AG China Only BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.68",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X12 Detachable Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E16 Gen 2 (Type 21MA, 21MB) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.73",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E16 Gen 3 (Type 21ST, 21SU) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.69/1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.57",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.66/1.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.87/1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.85/1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.55",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E14 Gen 7 (Type 21T9, 21TA) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rk_21rl_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_carbon_13th_gen_type_21nx_21ny_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_3_type_21rs_21rt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bios_1.13_ecfw_1.09",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l16_gen_1_type_21l7_21l8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21tb_21tc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21qt_21qu_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "uefi_bios_v1.22_ecp_v1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_6_type_21rb_21rc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21se_21sf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_22ay_22b0_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l16_gen_2_type_21sc_21sd_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rm_21rn_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.62_1.12",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21r1_21r2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_9_type_21ke_21kf_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.45",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_fold_16_gen_1_type_21es_21et_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.25",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:z16_gen_2_type_21jx_21jy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fe_21ff_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.65_1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_4_type_21j3_21j4_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f8_21f9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_4_type_21k5_21k6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.47",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_6_type_21fv_21fw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fc_21fd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bios_1.40_ecfw_1.09",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16_gen_2_type_21fa_21fb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bios_1.61_ecfw_1.57",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16s_gen_2_type_21hk_21hl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.51",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e14_gen_5_type_21jr_21js_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.29",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f6_21f7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_r14_gen_5_type_21jm_prc_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.41",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_4_type_21h1_21h2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_4_type_21fg_21fh_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_3_type_21k1_21k2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:s2_yoga_gen_8_types_21fu_china_only_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l15_gen_4_type_21h7_21h8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_8th_gen_type_21hq_21hr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21m1_21m2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.62_1.12",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p15v_gen_3_type_21en_21em_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16_gen_1_type_21d6_21d7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_10_type_21nu_21nv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.39",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x9-15_gen_1_type_21q6_21q7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x9-14_gen_1_type_21qa_21qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_5_type_21ls_21lt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_5_type_21l1_21l2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e14_gen_6_type_21m3_21m4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_21sr_21ss_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14_gen_3_type_21ah_21aj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.45_1.25",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15p_gen_3_type_21da_21db_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.67",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_5_type_21dc_21dd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.29",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21cq_21cr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.51",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_3_type_21j5_21j6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.63",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:z16_gen_1_type_21d4_21d5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.76",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21br_21bs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.48",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c1_21c2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.44",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_3_type_21aw_21ax_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.25",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_yoga_gen_3_type_21b5_21b6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.31",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e14_gen_4_type_21e3_21e4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_2_type_21e8_21e9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.32",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e15_gen_4_type_21ed_21ee_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_7_type_21bd_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_7th_gen_type_21cd_21ce_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.52",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c5_21c6_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_20vn_china_only_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38_1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_6th_gen_type_20xy_20y0_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.75",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e15_gen_3_type_20yg_20yh_20yj_20yk_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_2_type_20w8_20w9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.51",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20wk_20wl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.64",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x5_20x6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15g_gen_1_type_20ur_20us_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.97",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20xh_20xj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15p_gen_2_type_21a7_21a8_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.83",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_2_type_21a0_21a1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_21ag_china_only_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_4th_gen_type_20y5_20y6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p17_gen_2_type_20yu_20yv_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.97",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_titanium_type_20qa_20qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_1_type_20un_20uq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.68",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_1_type_20uw_20uv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e16_gen_2_type_21ma_21mb_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_5_type_21lu_21lv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x1_20x2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.73",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e16_gen_3_type_21st_21su_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_21qe_21qf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_22aw_22ax_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.08",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15_gen_2_type_20w4_20w5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69_1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_fold_gen_1_type_20rk_20rl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_3rd_gen_type_20tk_20tl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_type_20t0_20t1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15_type_20s6_20s7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_1_type_20sx_20sy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.57",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_5th_gen_type_20ub_20uc_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.41",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x390_yoga_type_20nn_20nq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.05",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_4th_gen_type_20sa_20sb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.66_1.55",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x390_type_20sc_20sd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.87_1.32",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p73_type_20qr_20qs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.01",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t490_type_20n2_20n3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.85_1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_2nd_gen_type_20qv_20qw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.55",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l390_type_20nr_20ns_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.53",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_type_20r3_20r4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.45",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_5_type_21lb_21lc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:e14_gen_7_type_21t9_21ta_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21ql_21qm_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_2-in-1_gen_6_type_21r7_21r8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21s6_21s7_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21qx_21qy_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_7_type_21kv_21kw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14_gen_5_type_21mc_21md_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_2_type_21lk_21ll_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_3_type_21mn_21mq_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_2_type_21kx_21ky_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a\u0026nbsp;potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).\u0026nbsp;"
}
],
"value": "During an internal security assessment, a\u00a0potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:11:21.336Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the version (or newer) as recommended in the advisory:\u0026nbsp;https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"value": "Update to the version (or newer) as recommended in the advisory:\u00a0https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10238",
"datePublished": "2026-06-10T14:11:21.336Z",
"dateReserved": "2025-09-10T15:30:05.055Z",
"dateUpdated": "2026-06-10T16:05:54.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10237 (GCVE-0-2025-10237)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:10 – Updated: 2026-06-10 16:06
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | vendor-advisory |
Impacted products
95 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:06:10.692217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:06:16.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "UEFI BIOS V1.22/ECP V1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.46",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.65/1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.39 / 1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "BIOS: 1.66 / ECFW: 1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "BIOS: 1.99/ ECFW: 1.58",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.29 / 1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.62/1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.39",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.47/1.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.68",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.30 / 1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.51",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.76",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.49",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.33 / 1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Gen 7 Type 21BD BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38/1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.76",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.52/ 1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.65",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.98",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.84",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad S2 Yoga Gen 6 Type 21AG China Only BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.34 / 1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.98",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.69",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X12 Detachable Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.73",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.69/1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.35",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38 / 1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.38",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.58 / 1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.06 / 1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.67 / 1.56",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.87",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "2.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.85/1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.56 / 1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.18 / 1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.22 / 1.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rk_21rl_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_carbon_13th_gen_type_21nx_21ny_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_3_type_21rs_21rt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.16",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l16_gen_1_type_21l7_21l8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21tb_21tc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21qt_21qu_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "uefi_bios_v1.22_ecp_v1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_6_type_21rb_21rc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21se_21sf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l16_gen_2_type_21sc_21sd_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_6_type_21rm_21rn_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.09",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21r1_21r2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.09",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_9_type_21ke_21kf_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.46",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_fold_16_gen_1_type_21es_21et_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:z16_gen_2_type_21jx_21jy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fe_21ff_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.65_1.13",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_4_type_21j3_21j4_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f8_21f9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_4_type_21k5_21k6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.47",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_6_type_21fv_21fw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.39_1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_1_type_21fc_21fd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bios_1.66_ecfw_1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16_gen_2_type_21fa_21fb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "bios_1.99_ecfw_1.58",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16s_gen_2_type_21hk_21hl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.52",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_4_type_21f6_21f7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.23",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_4_type_21h1_21h2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_4_type_21fg_21fh_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.24",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_3_type_21k1_21k2_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.29_1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:s2_yoga_gen_8_types_21fu_china_only_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l15_gen_4_type_21h7_21h8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_8th_gen_type_21hq_21hr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21m1_21m2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.62_1.12",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p15v_gen_3_type_21en_21em_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16_gen_1_type_21d6_21d7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.70",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_2-in-1_gen_10_type_21nu_21nv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.39",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x9-14_gen_1_type_21qa_21qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_5_type_21ls_21lt_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_5_type_21l1_21l2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14_gen_3_type_21ah_21aj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.47_1.27",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15p_gen_3_type_21da_21db_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.68",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_5_type_21dc_21dd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.30_1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21cq_21cr_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.51",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:z16_gen_1_type_21d4_21d5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.76",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_3_type_21br_21bs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.49",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c1_21c2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.44",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_3_type_21aw_21ax_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.25",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_yoga_gen_3_type_21b5_21b6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.31",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_2_type_21e8_21e9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33_1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_gen_7_type_21bd_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_7th_gen_type_21cd_21ce_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.53",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_3_type_21c5_21c6_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_20vn_china_only_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38_1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_6th_gen_type_20xy_20y0_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.76",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_2_type_20w8_20w9_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.52_1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20wk_20wl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.65",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x5_20x6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15g_gen_1_type_20ur_20us_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.98",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_2_type_20xh_20xj_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.36",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15p_gen_2_type_21a7_21a8_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.84",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_2_type_21a0_21a1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6_type_21ag_china_only_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_4th_gen_type_20y5_20y6_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.34_1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p17_gen_2_type_20yu_20yv_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.98",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_titanium_type_20qa_20qb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_nano_gen_1_type_20un_20uq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_1_type_20uw_20uv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_gen_5_type_21lu_21lv_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_2_type_20x1_20x2_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.73",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_21qe_21qf_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_4_type_22aw_22ax_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.08",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15_gen_2_type_20w4_20w5_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69_1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_fold_gen_1_type_20rk_20rl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.35",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_3rd_gen_type_20tk_20tl_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38_1.22",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_type_20t0_20t1_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.38",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t15_type_20s6_20s7_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.34",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x13_yoga_gen_1_type_20sx_20sy_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.58_1.18",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_5th_gen_type_20ub_20uc_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.41",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x390_yoga_type_20nn_20nq_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.06_1.23",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_yoga_4th_gen_type_20sa_20sb_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.67_1.56",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x390_type_20sc_20sd_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.87",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p73_type_20qr_20qs_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.01",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t490_type_20n2_20n3_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.85_1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x1_extreme_2nd_gen_type_20qv_20qw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.56_1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l390_type_20nr_20ns_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.53",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_type_20r3_20r4_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.45",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_gen_5_type_21lb_21lc_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_6_type_21ql_21qm_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l13_2-in-1_gen_6_type_21r7_21r8_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:l14_gen_6_type_21s6_21s7_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14s_gen_6_type_21qx_21qy_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p1_gen_7_type_21kv_21kw_laptop_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18_1.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.26",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t14_gen_5_type_21mc_21md_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:x12_detachable_gen_2_type_21lk_21ll_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22_1.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:t16_gen_3_type_21mn_21mq_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.16",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:p16v_gen_2_type_21kx_21ky_laptops_thinkpad_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.20",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions."
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:10:56.181Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the version (or newer) as recommended in the advisory:\u0026nbsp;https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"value": "Update to the version (or newer) as recommended in the advisory:\u00a0https://support.lenovo.com/us/en/product_security/LEN-218282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10237",
"datePublished": "2026-06-10T14:10:56.181Z",
"dateReserved": "2025-09-10T15:30:03.815Z",
"dateUpdated": "2026-06-10T16:06:16.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6090 (GCVE-0-2026-6090)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:09 – Updated: 2026-06-10 16:06
VLAI
Summary
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Smart Connect |
Affected:
0 , < 09.0.2.003.000
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:06:30.967944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:06:36.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Smart Connect",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "09.0.2.003.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "09.0.2.003.000",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Lex Bitcow for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:09:47.215Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-218281"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo Smart Connect for Windows to version 09.0.2.003.000 or later.\u003c/p\u003e\u003cp\u003eSmart Connect will prompt the user to download latest version when launched.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo Smart Connect for Windows to version 09.0.2.003.000 or later.\n\nSmart Connect will prompt the user to download latest version when launched."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-6090",
"datePublished": "2026-06-10T14:09:47.215Z",
"dateReserved": "2026-04-10T15:59:03.867Z",
"dateUpdated": "2026-06-10T16:06:36.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8637 (GCVE-0-2026-8637)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:09 – Updated: 2026-06-10 16:06
VLAI
Summary
A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | LanSchool Classic |
Affected:
0 , < 9.3.1.30
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:06:49.702523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:06:59.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LanSchool Classic",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.3.1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lanschool_classic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.3.1.30",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Rafael Reis for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.\u0026nbsp;"
}
],
"value": "A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:09:32.979Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-217400"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate the LanSchool Classic client application to version 9.3.1.30 or later.\u003c/p\u003e\u003cp\u003eLanSchool Classic customers can update to the latest version by accessing their LanSchool account:\u0026nbsp;\u003ca href=\"https://lanschool.com/lanschool-login\" target=\"_blank\" rel=\"nofollow noopener\" title=\"Follow link\"\u003ehttps://lanschool.com/lanschool-login\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update the LanSchool Classic client application to version 9.3.1.30 or later.\n\nLanSchool Classic customers can update to the latest version by accessing their LanSchool account:\u00a0 https://lanschool.com/lanschool-login"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-8637",
"datePublished": "2026-06-10T14:09:32.979Z",
"dateReserved": "2026-05-14T19:39:23.525Z",
"dateUpdated": "2026-06-10T16:06:59.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9045 (GCVE-0-2026-9045)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:09 – Updated: 2026-06-10 16:07
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | vendor-advisory |
| https://support.lenovo.com/us/en/downloads/ds568567 | productpatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Accessories and Display Manager for Enterprise |
Affected:
0 , < 1.0.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:07:31.153771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:07:37.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Accessories and Display Manager for Enterprise",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:accessories_and_display_manager_for_enterprise:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "1.0.9",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges."
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:09:19.322Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-213623"
},
{
"tags": [
"product",
"patch"
],
"url": "https://support.lenovo.com/us/en/downloads/ds568567"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo Accessories and Display Manager for Enterprise for Windows to version 1.0.9 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo Accessories and Display Manager for Enterprise for Windows to version 1.0.9 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-9045",
"datePublished": "2026-06-10T14:09:19.322Z",
"dateReserved": "2026-05-19T19:01:21.410Z",
"dateUpdated": "2026-06-10T16:07:37.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7516 (GCVE-0-2026-7516)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:08 – Updated: 2026-06-10 16:04
VLAI
Summary
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://iknow.lenovo.com.cn/detail/440821 | vendor-advisory |
| https://shop.lenovo.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Application |
Affected:
0 , < 7.3.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:04:17.701084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:04:24.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Application",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:application:*:*:android:*:*:*:*:*",
"versionEndExcluding": "7.3.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Xinfeng Chen \u9648\u946b\u5cf0 and Mingming Wan \u4e07\u660e\u660e from Geely Zero Lab at Geely Auto for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents."
}
],
"value": "A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:08:47.203Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://iknow.lenovo.com.cn/detail/440821"
},
{
"tags": [
"product"
],
"url": "https://shop.lenovo.com.cn/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Lenovo Application for Android to version 7.3.8 or later.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Update Lenovo Application for Android to version 7.3.8 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-7516",
"datePublished": "2026-06-10T14:08:47.203Z",
"dateReserved": "2026-04-30T16:01:06.878Z",
"dateUpdated": "2026-06-10T16:04:24.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5804 (GCVE-0-2026-5804)
Vulnerability from cvelistv5 – Published: 2026-05-19 14:42 – Updated: 2026-05-19 16:39
VLAI
Summary
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE‑306: Missing Authentication for Critical Function
- CWE‑285: Improper Authorization
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T16:38:16.640432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T16:39:42.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "com.motorola.motocit",
"product": "Phones",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2026-04-05",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:motorola:phones:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026-04-05",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Motorola thanks Pranil Gholap for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability was discovered in the Motorola Factory Test\u0026nbsp;component\u0026nbsp;(com.motorola.motocit). The application\u0026nbsp;contained\u0026nbsp;a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings.\u0026nbsp;"
}
],
"value": "An improper authentication vulnerability was discovered in the Motorola Factory Test\u00a0component\u00a0(com.motorola.motocit). The application\u00a0contained\u00a0a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE\u2011306: Missing Authentication for Critical Function",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE\u2011285: Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T14:42:21.989Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/192534"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update your Motorola Phone to software versions with a Security Patch Level of 2026-04-05\u0026nbsp;or later."
}
],
"value": "Update your Motorola Phone to software versions with a Security Patch Level of 2026-04-05\u00a0or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-5804",
"datePublished": "2026-05-19T14:42:21.989Z",
"dateReserved": "2026-04-08T14:38:14.415Z",
"dateUpdated": "2026-05-19T16:39:42.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6282 (GCVE-0-2026-6282)
Vulnerability from cvelistv5 – Published: 2026-05-13 14:15 – Updated: 2026-05-13 18:28
VLAI
Summary
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Personal Cloud T2s |
Affected:
0 , < 5.5.6.t2s.3
(custom)
|
|
| Lenovo | Personal Cloud T2Pro |
Affected:
0 , < 5.4.8.t2pro.2
(custom)
|
|
| Lenovo | Personal Cloud X1s |
Affected:
0 , < 5.4.8.x1s.2
(custom)
|
|
| Lenovo | Home Storage Hub T20 |
Affected:
0 , < 5.5.8.t20.1
(custom)
|
|
| Lenovo | Home Storage Hub X20 |
Affected:
0 , < 5.4.4.x20.1
(custom)
|
|
| Lenovo | Personal Cloud T1 |
Affected:
0 , ≤ 5.4.0.t1.6
(custom)
|
|
| Lenovo | Personal Cloud A1 |
Affected:
0 , ≤ 5.4.2.a1.3
(custom)
|
|
| Lenovo | Personal Cloud A1s |
Affected:
0 , ≤ 5.5.6.a1s
(custom)
|
|
| Lenovo | Personal Cloud T2 |
Affected:
0 , ≤ 5.4.5.t2.2
(custom)
|
|
| Lenovo | Personal Cloud X1 |
Affected:
0 , ≤ 5.4.7.x1.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:28:11.322715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:28:18.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2s",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5.6.t2s.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.8.t2pro.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud X1s",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.8.x1s.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Home Storage Hub T20",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5.8.t20.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Home Storage Hub X20",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.4.x20.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.0.t1.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud A1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.2.a1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud A1s",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.5.6.a1s",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.5.t2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud X1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.7.x1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.6.t2s.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.8.t2pro.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_x1s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.8.x1s.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:home_storage_hub_t20:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.8.t20.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:home_storage_hub_x20:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.4.x20.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.0.t1.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_a1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.2.a1.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_a1s:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.5.6.a1s",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.5.t2.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_x1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.7.x1.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wang Jincheng, Professor Yu Le from Nanjing University of Posts and Telecommunications and Professor Luo Xiapu from The Hong Kong Polytechnic University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device."
}
],
"value": "A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:15:15.311Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/440274"
},
{
"url": "https://pc.lenovo.com.cn/tips/Ann/t1_eol.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274"
}
],
"value": "Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-6282",
"datePublished": "2026-05-13T14:15:15.311Z",
"dateReserved": "2026-04-14T14:42:10.875Z",
"dateUpdated": "2026-05-13T18:28:18.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6281 (GCVE-0-2026-6281)
Vulnerability from cvelistv5 – Published: 2026-05-13 14:15 – Updated: 2026-05-13 18:26
VLAI
Summary
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Personal Cloud T2s |
Affected:
0 , < 5.5.6.t2s.3
(custom)
|
|
| Lenovo | Personal Cloud T2Pro |
Affected:
0 , < 5.4.8.t2pro.2
(custom)
|
|
| Lenovo | Personal Cloud X1s |
Affected:
0 , < 5.4.8.x1s.2
(custom)
|
|
| Lenovo | Home Storage Hub T20 |
Affected:
0 , < 5.5.8.t20.1
(custom)
|
|
| Lenovo | Home Storage Hub X20 |
Affected:
0 , < 5.4.4.x20.1
(custom)
|
|
| Lenovo | Personal Cloud T1 |
Affected:
0 , ≤ 5.4.0.t1.6
(custom)
|
|
| Lenovo | Personal Cloud A1 |
Affected:
0 , ≤ 5.4.2.a1.3
(custom)
|
|
| Lenovo | Personal Cloud A1s |
Affected:
0 , ≤ 5.5.6.a1s
(custom)
|
|
| Lenovo | Personal Cloud T2 |
Affected:
0 , ≤ 5.4.5.t2.2
(custom)
|
|
| Lenovo | Personal Cloud X1 |
Affected:
0 , ≤ 5.4.7.x1.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:26:41.674862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:26:58.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2s",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5.6.t2s.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.8.t2pro.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud X1s",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.8.x1s.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Home Storage Hub T20",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.5.8.t20.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Home Storage Hub X20",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.4.4.x20.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.0.t1.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud A1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.2.a1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud A1s",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.5.6.a1s",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud T2",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.5.t2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Personal Cloud X1",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "5.4.7.x1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.6.t2s.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.8.t2pro.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_x1s:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.8.x1s.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:home_storage_hub_t20:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.8.t20.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:home_storage_hub_x20:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.4.x20.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.0.t1.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_a1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.2.a1.3",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_a1s:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.5.6.a1s",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_t2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.5.t2.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:personal_cloud_x1:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.7.x1.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wang Jincheng, Professor Yu Le from Nanjing University of Posts and Telecommunications and Professor Luo Xiapu from The Hong Kong Polytechnic University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device."
}
],
"value": "A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:15:06.307Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/440274"
},
{
"url": "https://pc.lenovo.com.cn/tips/Ann/t1_eol.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274"
}
],
"value": "Update device firmware to the version indicated in the advisory: https://iknow.lenovo.com.cn/detail/440274"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-6281",
"datePublished": "2026-05-13T14:15:06.307Z",
"dateReserved": "2026-04-14T14:42:10.223Z",
"dateUpdated": "2026-05-13T18:26:58.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4145 (GCVE-0-2026-4145)
Vulnerability from cvelistv5 – Published: 2026-04-15 12:28 – Updated: 2026-04-15 13:02
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Software Fix |
Affected:
0 , < 7.5.5.19
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:01:52.842214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:02:39.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software Fix",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.5.5.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:software_fix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.5.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.\u003cbr\u003e"
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T12:28:19.642Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213829"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Software Fix to version 7.5.5.19 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Software Fix to version 7.5.5.19 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-4145",
"datePublished": "2026-04-15T12:28:19.642Z",
"dateReserved": "2026-03-13T17:11:27.390Z",
"dateUpdated": "2026-04-15T13:02:39.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4135 (GCVE-0-2026-4135)
Vulnerability from cvelistv5 – Published: 2026-04-15 12:28 – Updated: 2026-04-15 13:05
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Software Fix |
Affected:
0 , < 7.5.5.19
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:05:00.378552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:05:12.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software Fix",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.5.5.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:software_fix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.5.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T12:28:12.205Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213829"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Software Fix to version 7.5.5.19 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Software Fix to version 7.5.5.19 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-4135",
"datePublished": "2026-04-15T12:28:12.205Z",
"dateReserved": "2026-03-13T14:48:31.899Z",
"dateUpdated": "2026-04-15T13:05:12.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4134 (GCVE-0-2026-4134)
Vulnerability from cvelistv5 – Published: 2026-04-15 12:28 – Updated: 2026-04-15 13:08
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Software Fix |
Affected:
0 , < 7.5.5.19
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:05:56.581633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:08:19.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software Fix",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.5.5.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:software_fix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.5.5.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.\u003cbr\u003e"
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T12:28:05.838Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213829"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Software Fix to version 7.5.5.19 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Software Fix to version 7.5.5.19 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-4134",
"datePublished": "2026-04-15T12:28:05.838Z",
"dateReserved": "2026-03-13T14:48:30.665Z",
"dateUpdated": "2026-04-15T13:08:19.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1636 (GCVE-0-2026-1636)
Vulnerability from cvelistv5 – Published: 2026-04-15 12:27 – Updated: 2026-04-16 03:55
VLAI
Summary
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Service Bridge |
Affected:
0 , < 5.0.2.20
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:27.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.0.2.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.2.20",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Victor Rodriguez (aka NT3P) for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
}
],
"value": "A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T12:27:54.562Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-211071"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically. \u003cbr\u003e"
}
],
"value": "Upgrade to the Lenovo Service Bridge version 5.0.2.20 or later. Lenovo Service Bridge is updated automatically."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1636",
"datePublished": "2026-04-15T12:27:54.562Z",
"dateReserved": "2026-01-29T16:42:53.823Z",
"dateUpdated": "2026-04-16T03:55:27.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0827 (GCVE-0-2026-0827)
Vulnerability from cvelistv5 – Published: 2026-04-15 12:27 – Updated: 2026-04-15 13:48
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Diagnostics |
Affected:
0 , < 5.26.0
(custom)
|
|
| Lenovo | Vantage |
Affected:
0 , < 4.7.1.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:46:44.833174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:48:06.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "HardwareScanAddin",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.7.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Anas Hadane for subsequently reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T12:27:45.354Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-210693"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Diagnostics to version 5.26.0 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Diagnostics to version 5.26.0 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.\u003cbr\u003e"
}
],
"value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-0827",
"datePublished": "2026-04-15T12:27:45.354Z",
"dateReserved": "2026-01-09T19:19:57.946Z",
"dateUpdated": "2026-04-15T13:48:06.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2640 (GCVE-0-2026-2640)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:23 – Updated: 2026-03-12 16:18
VLAI
Summary
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | PC Manager |
Affected:
0 , < 5.1.160.12302
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:45.292693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:19.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.160.12302",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.160.12302",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Victor Soler Renaud of Devoteam Purple Team for subsequently reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eDuring an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:23:12.942Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/438816"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo PC Manager Version to version 5.1.160.12302 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo PC Manager Version to version 5.1.160.12302 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-2640",
"datePublished": "2026-03-11T20:23:12.942Z",
"dateReserved": "2026-02-17T19:58:39.340Z",
"dateUpdated": "2026-03-12T16:18:19.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1717 (GCVE-0-2026-1717)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:22 – Updated: 2026-03-12 16:18
VLAI
Summary
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:46.758689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:25.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "LenovoProductivitySystemAddin",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.0.138",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "LenovoProductivitySystemAddin",
"product": "Baiying",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.0.138",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0.138",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:baiying:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0.138",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Manuel Kiesel (cyllective AG) for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges."
}
],
"value": "An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:22:50.139Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213044"
},
{
"url": "https://iknow.lenovo.com.cn/detail/438815"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Vantage LenovoProductivitySystemAddin to version 1.0.0.138 or later.\u003c/p\u003e\u003cp\u003eLenovoProductivitySystemAddin is automatically updated by Lenovo Vantage and Baiying.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Vantage LenovoProductivitySystemAddin to version 1.0.0.138 or later.\n\nLenovoProductivitySystemAddin is automatically updated by Lenovo Vantage and Baiying."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1717",
"datePublished": "2026-03-11T20:22:50.139Z",
"dateReserved": "2026-01-30T19:00:49.191Z",
"dateUpdated": "2026-03-12T16:18:25.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1716 (GCVE-0-2026-1716)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:22 – Updated: 2026-03-12 16:18
VLAI
Summary
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:48.324036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:30.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "DeviceSettingsSystemAddin",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.8.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "DeviceSettingsSystemAddin",
"product": "Baiying",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.8.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.8.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:baiying:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.8.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Manuel Kiesel (cyllective AG) for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges."
}
],
"value": "An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:22:37.168Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213044"
},
{
"url": "https://iknow.lenovo.com.cn/detail/438815"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later.\u003c/p\u003e\u003cp\u003eDeviceSettingsSystemAddin is automatically updated by Lenovo Vantage and Baiying.\u003c/p\u003e"
}
],
"value": "Update Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later.\n\nDeviceSettingsSystemAddin is automatically updated by Lenovo Vantage and Baiying."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1716",
"datePublished": "2026-03-11T20:22:37.168Z",
"dateReserved": "2026-01-30T19:00:48.303Z",
"dateUpdated": "2026-03-12T16:18:30.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1715 (GCVE-0-2026-1715)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:22 – Updated: 2026-03-12 16:18
VLAI
Summary
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:49.671711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:37.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "DeviceSettingsSystemAddin",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.8.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "DeviceSettingsSystemAddin",
"product": "Baiying",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.8.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.8.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:baiying:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.8.15",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Manuel Kiesel (cyllective AG) for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges."
}
],
"value": "An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:22:24.144Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213044"
},
{
"url": "https://iknow.lenovo.com.cn/detail/438815"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later.\u003c/p\u003e\u003cp\u003eDeviceSettingsSystemAddin is automatically updated by Lenovo Vantage and Baiying.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later.\n\nDeviceSettingsSystemAddin is automatically updated by Lenovo Vantage and Baiying."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1715",
"datePublished": "2026-03-11T20:22:24.144Z",
"dateReserved": "2026-01-30T19:00:44.486Z",
"dateUpdated": "2026-03-12T16:18:37.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1653 (GCVE-0-2026-1653)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:21 – Updated: 2026-03-12 16:18
VLAI
Summary
A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-369 - Divide By Zero
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Smart Connect |
Affected:
0 , < 09.0.1.002.000
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:50.956978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:44.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Smart Connect",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "09.0.1.002.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "09.0.1.002.000",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Yaron Dinkin \u0026 Eyal Kraft from Hexaplex AI for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.\u003cbr\u003e"
}
],
"value": "A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:21:40.157Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-209683"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically.\n\n\u003cbr\u003e"
}
],
"value": "Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1653",
"datePublished": "2026-03-11T20:21:40.157Z",
"dateReserved": "2026-01-29T19:17:33.821Z",
"dateUpdated": "2026-03-12T16:18:44.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1652 (GCVE-0-2026-1652)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:21 – Updated: 2026-03-12 16:18
VLAI
Summary
A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Smart Connect |
Affected:
0 , < 09.0.1.002.000
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:52.231635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:51.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Smart Connect",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "09.0.1.002.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:smart_connect:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "09.0.1.002.000",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Yaron Dinkin \u0026 Eyal Kraft from Hexaplex AI for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error."
}
],
"value": "A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:21:32.839Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-209683"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically. \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Update Smart Connect to version 09.0.1.002.000. Smart Connect is updated automatically."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1652",
"datePublished": "2026-03-11T20:21:32.839Z",
"dateReserved": "2026-01-29T19:17:33.220Z",
"dateUpdated": "2026-03-12T16:18:51.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0940 (GCVE-0-2026-0940)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:21 – Updated: 2026-03-13 03:55
VLAI
Summary
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-665 - Improper Initialization
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkPad T14 Gen 5 BIOS |
Affected:
0 , ≤ 1.17
(custom)
|
|
| Lenovo | ThinkPad P14s Gen 5 BIOS |
Affected:
0 , ≤ 1.17
(custom)
|
|
| Lenovo | ThinkPad Z13 Gen 2 BIOS |
Affected:
0 , ≤ 1.37
(custom)
|
|
| Lenovo | ThinkPad Z16 Gen 2 BIOS |
Affected:
0 , ≤ 1.37
(custom)
|
|
| Lenovo | ThinkPad P16v Gen 1 BIOS |
Affected:
0 , ≤ 1.62
(custom)
|
|
| Lenovo | ThinkPad P15v Gen 3 BIOS |
Affected:
0 , ≤ 1.28
(custom)
|
|
| Lenovo | ThinkPad Z13 Gen 1 BIOS |
Affected:
0 , ≤ 1.76
(custom)
|
|
| Lenovo | ThinkPad Z16 Gen 1 BIOS |
Affected:
0 , ≤ 1.76
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T03:55:41.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad T14 Gen 5 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad P14s Gen 5 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad Z13 Gen 2 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad Z16 Gen 2 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad P16v Gen 1 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad P15v Gen 3 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad Z13 Gen 1 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.76",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad Z16 Gen 1 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.76",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_t14_gen_5_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_p14s_gen_5_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.17",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_z13_gen_2_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_z16_gen_2_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_p16v_gen_1_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.62",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_p15v_gen_3_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.28",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_z13_gen_1_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.76",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_z16_gen_1_bios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.76",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Krzysztof Okupski of IOActive for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665: Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:21:17.160Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-213040"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the version (or newer) indicated for your model in the Product Impact section of the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-213040\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-213040\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Update to the version (or newer) indicated for your model in the Product Impact section of the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-213040"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-0940",
"datePublished": "2026-03-11T20:21:17.160Z",
"dateReserved": "2026-01-14T14:41:45.333Z",
"dateUpdated": "2026-03-13T03:55:41.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2368 (GCVE-0-2026-2368)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:21 – Updated: 2026-03-12 16:19
VLAI
Summary
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.filez.com/securityPolicy |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:37:56.286622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:05.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FileZ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "10.12.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "FileZ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "11.1.0.35",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "10.12.3.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*",
"versionEndExcluding": "11.1.0.35",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.\u0026nbsp;"
}
],
"value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:21:05.818Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://www.filez.com/securityPolicy"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update\u0026nbsp;Lenovo\u0026nbsp;FileZ\u0026nbsp;Android\u0026nbsp;application to version\u0026nbsp;11.1.0.35\u0026nbsp;or\u0026nbsp;later.\u0026nbsp;"
}
],
"value": "Update\u00a0Lenovo\u00a0FileZ\u00a0Android\u00a0application to version\u00a011.1.0.35\u00a0or\u00a0later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate\u0026nbsp;Lenovo\u0026nbsp;FileZ Windows\u0026nbsp;application to version\u0026nbsp;10.12.3.0\u0026nbsp;or\u0026nbsp;later.\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update\u00a0Lenovo\u00a0FileZ Windows\u00a0application to version\u00a010.12.3.0\u00a0or\u00a0later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-2368",
"datePublished": "2026-03-11T20:21:05.818Z",
"dateReserved": "2026-02-11T20:29:58.887Z",
"dateUpdated": "2026-03-12T16:19:05.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1068 (GCVE-0-2026-1068)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:20 – Updated: 2026-03-12 16:19
VLAI
Summary
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.filez.com/securityPolicy |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:53.611265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:12.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FileZ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "10.12.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "FileZ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "11.1.0.35",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "10.12.3.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*",
"versionEndExcluding": "11.1.0.35",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.\u0026nbsp;"
}
],
"value": "An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:20:53.662Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://www.filez.com/securityPolicy"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update\u0026nbsp;Lenovo\u0026nbsp;FileZ\u0026nbsp;Android\u0026nbsp;application to version\u0026nbsp;11.1.0.35\u0026nbsp;or\u0026nbsp;later.\u0026nbsp;"
}
],
"value": "Update\u00a0Lenovo\u00a0FileZ\u00a0Android\u00a0application to version\u00a011.1.0.35\u00a0or\u00a0later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate\u0026nbsp;Lenovo\u0026nbsp;FileZ Windows\u0026nbsp;application to version\u0026nbsp;10.12.3.0\u0026nbsp;or\u0026nbsp;later.\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update\u00a0Lenovo\u00a0FileZ Windows\u00a0application to version\u00a010.12.3.0\u00a0or\u00a0later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-1068",
"datePublished": "2026-03-11T20:20:53.662Z",
"dateReserved": "2026-01-16T19:33:39.508Z",
"dateUpdated": "2026-03-12T16:19:12.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0520 (GCVE-0-2026-0520)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:20 – Updated: 2026-03-12 16:19
VLAI
Summary
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.filez.com/securityPolicy |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:54.875437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:19.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "FileZ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "11.1.0.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez:*:*:android:*:*:*:*:*",
"versionEndExcluding": "11.1.0.37",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file."
}
],
"value": "A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:20:21.510Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://www.filez.com/securityPolicy"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate FileZ Android application to version 11.1.0.37 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update FileZ Android application to version 11.1.0.37 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-0520",
"datePublished": "2026-03-11T20:20:21.510Z",
"dateReserved": "2025-12-16T22:08:55.203Z",
"dateUpdated": "2026-03-12T16:19:19.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14058 (GCVE-0-2025-14058)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:20 – Updated: 2026-01-15 15:56
VLAI
Summary
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
31 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Tab M11 TB330FU TB330XU |
Affected:
0 , < 17.0.284
(custom)
|
|
| Lenovo | Tab K11 TB330FU |
Affected:
0 , < 17.0.284
(custom)
|
|
| Lenovo | Tab K11 TB330FUP |
Affected:
0 , < 17.0.254
(custom)
|
|
| Lenovo | Tab K11 TB330XU |
Affected:
0 , < 17.0.084
(custom)
|
|
| Lenovo | Tab K11 TB330XUP |
Affected:
0 , < 17.0.254
(custom)
|
|
| Lenovo | Idea Tab Pro TB373FU |
Affected:
0 , < ZUI_17.0.04.266_ST_251120
(custom)
|
|
| Lenovo | Tab K9 TB305FU |
Affected:
0 , < 17.0.10.118
(custom)
|
|
| Lenovo | Tab K9 TB305XU |
Affected:
0 , < 17.0.10.098
(custom)
|
|
| Lenovo | Tab Plus TB351FU |
Affected:
0 , < 17.5.10.023
(custom)
|
|
| Lenovo | Tab M8 4th Gen 2024 TB301FU |
Affected:
0 , < TB301FU_USR_S000126_250919_MP1V1111_ROW
(custom)
|
|
| Lenovo | Tab M8 4th Gen 2024 TB301XU |
Affected:
0 , < TB301XU_USR_S000147_250919_MP1V1111_ROW
(custom)
|
|
| Lenovo | Tab Extreme TB570ZU TB570FU |
Affected:
0 , < 17.5.184
(custom)
|
|
| Lenovo | Tab M10 5G TB360ZU |
Affected:
0 , < 16.0.882
(custom)
|
|
| Lenovo | Tab M8 4th Gen TB300FU |
Affected:
0 , < TB300XU_USR_S100149_250919_MP1V1111_ROW
(custom)
|
|
| Lenovo | Tab M8 4th Gen TB300XU |
Affected:
0 , < TB300FU_USR_S100122_250919_MP1V1111_ROW
(custom)
|
|
| Lenovo | Tab M9 TB310FU |
Affected:
0 , < TB310XU_USR_S000913_2510021921_mp1V969_ROW
(custom)
|
|
| Lenovo | Tab M9 TB310XU |
Affected:
0 , < TB310FU_USR_S000912_2510022135_mp1V969_ROW
(custom)
|
|
| Lenovo | Tab P11 2nd Gen TB350XU |
Affected:
0 , < TB350FU_USER_S231044_2601050946
(custom)
|
|
| Lenovo | Tab P11 2nd Gen TB350FU |
Affected:
0 , < TB350XU_USER_S231018_2601050930
(custom)
|
|
| Lenovo | Tab P12 TB370FU |
Affected:
0 , < 17.0.267
(custom)
|
|
| Lenovo | Tab P12 TB372FU |
Affected:
0 , < 17.0.267
(custom)
|
|
| Lenovo | Tab K11 Plus LTE TB352FU |
Affected:
0 , < 17.0.10.250
(custom)
|
|
| Lenovo | Tab K11 Plus LTE TB352XU |
Affected:
0 , < 17.0.10.242
(custom)
|
|
| Lenovo | Yoga Tab Plus TB520FU |
Affected:
0 , < 17.5.10.036
(custom)
|
|
| Lenovo | Tab K11 Gen 2 TB336ZU |
Affected:
0 , < 17.0.10.541
(custom)
|
|
| Lenovo | TAB7 |
Affected:
0 , < 17.0.10.541
(custom)
|
|
| Lenovo | Lenovo Tab with Clear Case TB311FU |
Affected:
0 , < 17.0.30.303
(custom)
|
|
| Lenovo | Lenovo Tab with Folio Case TB311XU |
Affected:
0 , < 17.0.31.259
(custom)
|
|
| Lenovo | Legion Tab TB321FU |
Affected:
0 , < 17.5.10.031
(custom)
|
|
| Lenovo | Legion Tab TB320FC |
Affected:
0 , < 17.0.339
(custom)
|
|
| Lenovo | Idea Tab TB336FU |
Affected:
0 , < 17.5.10.041
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T14:48:32.128858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T14:48:46.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tab M11 TB330FU TB330XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.284",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.284",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330FUP",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.254",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.084",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330XUP",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.254",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Idea Tab Pro TB373FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "ZUI_17.0.04.266_ST_251120",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.118",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.098",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Plus TB351FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen 2024 TB301FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB301FU_USR_S000126_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen 2024 TB301XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB301XU_USR_S000147_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Extreme TB570ZU TB570FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.184",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M10 5G TB360ZU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "16.0.882",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen TB300FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300XU_USR_S100149_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen TB300XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300FU_USR_S100122_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M9 TB310FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB310XU_USR_S000913_2510021921_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M9 TB310XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB310FU_USR_S000912_2510022135_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P11 2nd Gen TB350XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB350FU_USER_S231044_2601050946",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P11 2nd Gen TB350FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB350XU_USER_S231018_2601050930",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P12 TB370FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.267",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P12 TB372FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.267",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus LTE TB352FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus LTE TB352XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.242",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yoga Tab Plus TB520FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.036",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Gen 2 TB336ZU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.541",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TAB7",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.541",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lenovo Tab with Clear Case TB311FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.30.303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lenovo Tab with Folio Case TB311XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.31.259",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legion Tab TB321FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.031",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legion Tab TB320FC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.339",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Idea Tab TB336FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m11_tb330fu_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.284",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_tb330fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.284",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_tb330fup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.254",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.084",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_tb330xup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.254",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:idea_tab_pro_tb373fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "zui_17.0.04.266_st_251120",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k9_tb305fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.118",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k9_tb305xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.098",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_plus_tb351fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.023",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m8_4th_gen_2024_tb301fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb301fu_usr_s000126_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m8_4th_gen_2024_tb301xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb301xu_usr_s000147_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_extreme_tb570zu_tb570fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.184",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m10_5g_tb360zu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.882",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m8_4th_gen_tb300fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300xu_usr_s100149_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m8_4th_gen_tb300xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300fu_usr_s100122_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m9_tb310fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310xu_usr_s000913_2510021921_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_m9_tb310xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310fu_usr_s000912_2510022135_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_p11_2nd_gen_tb350xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350fu_user_s231044_2601050946",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_p11_2nd_gen_tb350fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350xu_user_s231018_2601050930",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_p12_tb370fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.267",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_p12_tb372fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.267",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_plus_lte_tb352fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.250",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_plus_lte_tb352xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.242",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:yoga_tab_plus_tb520fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.036",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab_k11_gen_2_tb336zu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.541",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:tab7:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.541",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_tab_with_clear_case_tb311fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.30.303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lenovo_tab_with_folio_case_tb311xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.31.259",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:legion_tab_tb321fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.031",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:legion_tab_tb320fc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.339",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:idea_tab_tb336fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.041",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Pablo Vivanco of DeepSecurity for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the \"Allow Control Center access when locked\" option is disabled. \u003c/span\u003e"
}
],
"value": "A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the \"Allow Control Center access when locked\" option is disabled."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T15:56:05.902Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-207951"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the version (or higher) as recommended in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-207951\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-207951\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update to the version (or higher) as recommended in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-207951"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-14058",
"datePublished": "2026-01-14T22:20:37.631Z",
"dateReserved": "2025-12-04T19:05:38.655Z",
"dateUpdated": "2026-01-15T15:56:05.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0421 (GCVE-0-2026-0421)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:18 – Updated: 2026-02-26 15:04
VLAI
Summary
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkPad L13 Gen 6 BIOS |
Affected:
0 , < 1.10
(custom)
|
|
| Lenovo | ThinkPad L13 Gen 6 2 in 1 BIOS |
Affected:
0 , < 1.10
(custom)
|
|
| Lenovo | ThinkPad L14 Gen 6 BIOS |
Affected:
0 , < 1.06
(custom)
|
|
| Lenovo | ThinkPad L16 Gen 2 BIOS |
Affected:
0 , < 1.06
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T04:55:45.785849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:07.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad L13 Gen 6 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad L13 Gen 6 2 in 1 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad L14 Gen 6 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPad L16 Gen 2 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_l13_gen_6_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_l13_gen_6_2_in_1_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_l14_gen_6_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:thinkpad_l16_gen_2_bios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as \u201cOn\u201d in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode."
}
],
"value": "A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as \u201cOn\u201d in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T22:18:56.115Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-210688"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the version (or higher) as recommended in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-210688\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-210688\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update to the version (or higher) as recommended in the Product Impact section in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-210688"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-0421",
"datePublished": "2026-01-14T22:18:56.115Z",
"dateReserved": "2025-12-04T19:05:55.282Z",
"dateUpdated": "2026-02-26T15:04:07.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13455 (GCVE-0-2025-13455)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:18 – Updated: 2026-01-15 14:49
VLAI
Summary
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkPlus FU100 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus FU200 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TU800 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TSD303 |
Affected:
Gen 1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T14:49:22.597355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T14:49:46.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU100",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU200",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TU800",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TSD303",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. \u003cbr\u003e"
}
],
"value": "A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T22:18:24.196Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/436983"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Follow the guidance in the Product Impact section in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/436983\"\u003ehttps://iknow.lenovo.com.cn/detail/436983\u003c/a\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "Follow the guidance in the Product Impact section in the advisory: https://iknow.lenovo.com.cn/detail/436983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-13455",
"datePublished": "2026-01-14T22:18:24.196Z",
"dateReserved": "2025-11-19T19:32:11.639Z",
"dateUpdated": "2026-01-15T14:49:46.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13454 (GCVE-0-2025-13454)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:18 – Updated: 2026-02-25 21:31
VLAI
Summary
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkPlus FU100 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus FU200 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TU800 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TSD303 |
Affected:
Gen 1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T13:36:53.782227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T13:37:01.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU100",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU200",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TU800",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TSD303",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:31:27.153Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/436983"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Follow the guidance in the Product Impact section in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/436983\"\u003ehttps://iknow.lenovo.com.cn/detail/436983\u003c/a\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "Follow the guidance in the Product Impact section in the advisory: https://iknow.lenovo.com.cn/detail/436983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-13454",
"datePublished": "2026-01-14T22:18:18.306Z",
"dateReserved": "2025-11-19T19:32:11.064Z",
"dateUpdated": "2026-02-25T21:31:27.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13453 (GCVE-0-2025-13453)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:18 – Updated: 2026-02-25 21:31
VLAI
Summary
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | ThinkPlus FU100 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus FU200 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TU800 |
Affected:
Gen 1
|
|
| Lenovo | ThinkPlus TSD303 |
Affected:
Gen 1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T13:36:13.339161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T13:36:22.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU100",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus FU200",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TU800",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkPlus TSD303",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "Gen 1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."
}
],
"value": "A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:31:21.940Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/436983"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Follow the guidance in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/436983\"\u003ehttps://iknow.lenovo.com.cn/detail/436983\u003c/a\u003e"
}
],
"value": "Follow the guidance in the Product Impact section in the advisory:\u00a0 https://iknow.lenovo.com.cn/detail/436983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-13453",
"datePublished": "2026-01-14T22:18:13.439Z",
"dateReserved": "2025-11-19T19:32:10.395Z",
"dateUpdated": "2026-02-25T21:31:21.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13154 (GCVE-0-2025-13154)
Vulnerability from cvelistv5 – Published: 2026-01-14 22:16 – Updated: 2026-01-15 13:44
VLAI
Summary
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T13:44:45.893751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T13:44:54.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.1.0.1111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.0.1111",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Alex Lee Tsz Hin @PwCHK and Manuel Kiesel (cyllective AG) / John Ostrowski (Compass Security) for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.\u003c/span\u003e"
}
],
"value": "An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T22:16:13.569Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-208293"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Vantage SmartPerformanceAddin to version 1.1.0.1111 or later.\u003c/p\u003e\u003cp\u003eSmartPerformanceAddin is automatically updated by Lenovo Vantage.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Vantage SmartPerformanceAddin to version 1.1.0.1111 or later.\n\nSmartPerformanceAddin is automatically updated by Lenovo Vantage."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-13154",
"datePublished": "2026-01-14T22:16:13.569Z",
"dateReserved": "2025-11-13T21:30:51.407Z",
"dateUpdated": "2026-01-15T13:44:54.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}