Vulnerabilites related to lenovo - px6-300d
Vulnerability from fkie_nvd
Published
2018-09-28 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "9C681D87-390C-4515-876B-56F301C6C2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD583F-99C1-474D-9D33-CB3FFBF87710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "1552A6C4-D72C-4F4A-959A-A74FB2F9331F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC36B80-3542-46E8-ABB0-988BF8405336",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CF0CA3-C011-479E-90DB-1C4D9136778C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7F667B-CF55-458E-A0DF-2D0BA47FF34E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8750825E-AD9D-43FF-BA19-C1DC360E4050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA96CA-47B7-4C36-B160-49AEAFEC7AE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DAD273-0243-4C4B-BA48-98843262D454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D9442509-43F9-43AE-ABB8-A109029CBCB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67148992-00E9-4F99-8027-6AA0C56D64C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "0538AFC3-AF46-4A3D-BDA2-3D2B287C5083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8A885-87E4-47B6-964C-BD6B2CC253C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF64BC7-7AE0-4822-9F95-325EF6B914CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "73152B06-114D-41CA-B4A4-F430F7A1D818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46920A-82FF-4E15-AB22-DFDB6D532DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "24151BE4-3D25-4ED6-BD93-117C9AEDEC80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEDB98C-CB83-467A-B866-1E26146977BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068F1733-22CD-4265-8519-54968CBCDA51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAE671E-04BF-4BAE-847A-8236FB9EB927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C2AAD-0356-4C4C-B1F2-50736844A809",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "A7298F84-E758-4AB3-9F0C-6F6B11997E69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93AECD5C-256C-4F24-8162-14E569CDCED6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "83A7AFAE-89F3-4E69-83C4-77361D5DBD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EDB44-96C0-425C-B192-0AE8C5BC265A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F95A331F-E040-4025-AD3F-C6118204091D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2441B8E2-C356-49C1-BD7B-028C4A83616C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "80271F4B-3195-4A9A-A5B7-9CED966AC29C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9B4663-D9EB-4207-B393-CDF45F020A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C110122A-D64C-417F-BC56-0F0B34509062",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B15B3E-FE90-43C1-9724-1FA19D4F0759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1AB5D-19B0-43F0-9656-3D78ED8047F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5471D381-CEEB-4351-B78A-41ECA2656A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, los adversarios pueden manipular URL para modificar el DOM (Document Object Model) de la p\u00e1gina. Adem\u00e1s, los adversarios pueden inyectar etiquetas de scripts HTML y etiquetas HTML con manejadores JavaScript para ejecutar JavaScript arbitrario con el origen del dispositivo."
}
],
"id": "CVE-2018-9079",
"lastModified": "2024-11-21T04:14:55.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:01.207",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "9C681D87-390C-4515-876B-56F301C6C2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD583F-99C1-474D-9D33-CB3FFBF87710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "1552A6C4-D72C-4F4A-959A-A74FB2F9331F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC36B80-3542-46E8-ABB0-988BF8405336",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CF0CA3-C011-479E-90DB-1C4D9136778C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7F667B-CF55-458E-A0DF-2D0BA47FF34E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8750825E-AD9D-43FF-BA19-C1DC360E4050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA96CA-47B7-4C36-B160-49AEAFEC7AE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DAD273-0243-4C4B-BA48-98843262D454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D9442509-43F9-43AE-ABB8-A109029CBCB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67148992-00E9-4F99-8027-6AA0C56D64C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "0538AFC3-AF46-4A3D-BDA2-3D2B287C5083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8A885-87E4-47B6-964C-BD6B2CC253C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF64BC7-7AE0-4822-9F95-325EF6B914CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "73152B06-114D-41CA-B4A4-F430F7A1D818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46920A-82FF-4E15-AB22-DFDB6D532DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "24151BE4-3D25-4ED6-BD93-117C9AEDEC80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEDB98C-CB83-467A-B866-1E26146977BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068F1733-22CD-4265-8519-54968CBCDA51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAE671E-04BF-4BAE-847A-8236FB9EB927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C2AAD-0356-4C4C-B1F2-50736844A809",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "A7298F84-E758-4AB3-9F0C-6F6B11997E69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93AECD5C-256C-4F24-8162-14E569CDCED6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "83A7AFAE-89F3-4E69-83C4-77361D5DBD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EDB44-96C0-425C-B192-0AE8C5BC265A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F95A331F-E040-4025-AD3F-C6118204091D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2441B8E2-C356-49C1-BD7B-028C4A83616C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "80271F4B-3195-4A9A-A5B7-9CED966AC29C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9B4663-D9EB-4207-B393-CDF45F020A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C110122A-D64C-417F-BC56-0F0B34509062",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B15B3E-FE90-43C1-9724-1FA19D4F0759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1AB5D-19B0-43F0-9656-3D78ED8047F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5471D381-CEEB-4351-B78A-41ECA2656A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, el nombre de archivo empleado para los activos accesibles mediante la aplicaci\u00f3n Content Viewer son vulnerables a un ataque self-Cross-Site Scripting (self-XSS). Como resultado, los adversarios pueden a\u00f1adir archivos a los almacenes accesibles desde Content Viewer con una carga \u00fatil de Cross-Site Scripting (XSS) en su nombre y esperar a que un usuario intente renombrar el archivo para que se desencadene su carga \u00fatil."
}
],
"id": "CVE-2018-9081",
"lastModified": "2024-11-21T04:14:56.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:01.423",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "9C681D87-390C-4515-876B-56F301C6C2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD583F-99C1-474D-9D33-CB3FFBF87710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "1552A6C4-D72C-4F4A-959A-A74FB2F9331F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC36B80-3542-46E8-ABB0-988BF8405336",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CF0CA3-C011-479E-90DB-1C4D9136778C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7F667B-CF55-458E-A0DF-2D0BA47FF34E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8750825E-AD9D-43FF-BA19-C1DC360E4050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA96CA-47B7-4C36-B160-49AEAFEC7AE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DAD273-0243-4C4B-BA48-98843262D454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D9442509-43F9-43AE-ABB8-A109029CBCB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67148992-00E9-4F99-8027-6AA0C56D64C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "0538AFC3-AF46-4A3D-BDA2-3D2B287C5083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8A885-87E4-47B6-964C-BD6B2CC253C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF64BC7-7AE0-4822-9F95-325EF6B914CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "73152B06-114D-41CA-B4A4-F430F7A1D818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46920A-82FF-4E15-AB22-DFDB6D532DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "24151BE4-3D25-4ED6-BD93-117C9AEDEC80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEDB98C-CB83-467A-B866-1E26146977BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068F1733-22CD-4265-8519-54968CBCDA51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAE671E-04BF-4BAE-847A-8236FB9EB927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C2AAD-0356-4C4C-B1F2-50736844A809",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "A7298F84-E758-4AB3-9F0C-6F6B11997E69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93AECD5C-256C-4F24-8162-14E569CDCED6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "83A7AFAE-89F3-4E69-83C4-77361D5DBD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EDB44-96C0-425C-B192-0AE8C5BC265A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F95A331F-E040-4025-AD3F-C6118204091D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2441B8E2-C356-49C1-BD7B-028C4A83616C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "80271F4B-3195-4A9A-A5B7-9CED966AC29C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9B4663-D9EB-4207-B393-CDF45F020A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C110122A-D64C-417F-BC56-0F0B34509062",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B15B3E-FE90-43C1-9724-1FA19D4F0759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1AB5D-19B0-43F0-9656-3D78ED8047F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5471D381-CEEB-4351-B78A-41ECA2656A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device\u0027s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, la aplicaci\u00f3n Content Explorer otorga a los usuarios la capacidad de subir archivos a almacenes y esta imagen fue renderizada en el navegador en el origen del dispositivo en lugar de solicitar descargar el activo. La aplicaci\u00f3n no evita que el usuario suba im\u00e1genes SVG y las devuelve a su origen. Como resultado, los usuarios maliciosos pueden subir im\u00e1genes SVG que contienen JavaScript arbitrario que se eval\u00faa cuando la v\u00edctima lanza una petici\u00f3n para descargar el archivo."
}
],
"id": "CVE-2018-9078",
"lastModified": "2024-11-21T04:14:55.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:01.097",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "9C681D87-390C-4515-876B-56F301C6C2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD583F-99C1-474D-9D33-CB3FFBF87710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "1552A6C4-D72C-4F4A-959A-A74FB2F9331F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC36B80-3542-46E8-ABB0-988BF8405336",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CF0CA3-C011-479E-90DB-1C4D9136778C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7F667B-CF55-458E-A0DF-2D0BA47FF34E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8750825E-AD9D-43FF-BA19-C1DC360E4050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA96CA-47B7-4C36-B160-49AEAFEC7AE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DAD273-0243-4C4B-BA48-98843262D454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D9442509-43F9-43AE-ABB8-A109029CBCB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67148992-00E9-4F99-8027-6AA0C56D64C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "0538AFC3-AF46-4A3D-BDA2-3D2B287C5083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8A885-87E4-47B6-964C-BD6B2CC253C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF64BC7-7AE0-4822-9F95-325EF6B914CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "73152B06-114D-41CA-B4A4-F430F7A1D818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46920A-82FF-4E15-AB22-DFDB6D532DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "24151BE4-3D25-4ED6-BD93-117C9AEDEC80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEDB98C-CB83-467A-B866-1E26146977BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068F1733-22CD-4265-8519-54968CBCDA51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAE671E-04BF-4BAE-847A-8236FB9EB927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C2AAD-0356-4C4C-B1F2-50736844A809",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "A7298F84-E758-4AB3-9F0C-6F6B11997E69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93AECD5C-256C-4F24-8162-14E569CDCED6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "83A7AFAE-89F3-4E69-83C4-77361D5DBD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EDB44-96C0-425C-B192-0AE8C5BC265A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F95A331F-E040-4025-AD3F-C6118204091D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2441B8E2-C356-49C1-BD7B-028C4A83616C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "80271F4B-3195-4A9A-A5B7-9CED966AC29C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9B4663-D9EB-4207-B393-CDF45F020A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C110122A-D64C-417F-BC56-0F0B34509062",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B15B3E-FE90-43C1-9724-1FA19D4F0759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1AB5D-19B0-43F0-9656-3D78ED8047F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5471D381-CEEB-4351-B78A-41ECA2656A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS\u0027s web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie\u0027s value to compromise the user\u0027s session."
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, al establecer la cookie Iomega a un valor conocido antes de iniciar sesi\u00f3n en la aplicaci\u00f3n web de NAS, \u00e9sta no proporcionar\u00e1 al usuario un nuevo valor de cookie. Esto permite que un atacante que conozca el valor de la cookie comprometa la sesi\u00f3n del usuario."
}
],
"id": "CVE-2018-9080",
"lastModified": "2024-11-21T04:14:56.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:01.313",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/solutions/LEN-24224 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "9C681D87-390C-4515-876B-56F301C6C2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD583F-99C1-474D-9D33-CB3FFBF87710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "1552A6C4-D72C-4F4A-959A-A74FB2F9331F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC36B80-3542-46E8-ABB0-988BF8405336",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CF0CA3-C011-479E-90DB-1C4D9136778C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7F667B-CF55-458E-A0DF-2D0BA47FF34E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8750825E-AD9D-43FF-BA19-C1DC360E4050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "57CA96CA-47B7-4C36-B160-49AEAFEC7AE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DAD273-0243-4C4B-BA48-98843262D454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D9442509-43F9-43AE-ABB8-A109029CBCB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67148992-00E9-4F99-8027-6AA0C56D64C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "0538AFC3-AF46-4A3D-BDA2-3D2B287C5083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8A885-87E4-47B6-964C-BD6B2CC253C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF64BC7-7AE0-4822-9F95-325EF6B914CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "73152B06-114D-41CA-B4A4-F430F7A1D818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46920A-82FF-4E15-AB22-DFDB6D532DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "24151BE4-3D25-4ED6-BD93-117C9AEDEC80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEDB98C-CB83-467A-B866-1E26146977BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068F1733-22CD-4265-8519-54968CBCDA51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAE671E-04BF-4BAE-847A-8236FB9EB927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C2AAD-0356-4C4C-B1F2-50736844A809",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "A7298F84-E758-4AB3-9F0C-6F6B11997E69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93AECD5C-256C-4F24-8162-14E569CDCED6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "83A7AFAE-89F3-4E69-83C4-77361D5DBD2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EDB44-96C0-425C-B192-0AE8C5BC265A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "F95A331F-E040-4025-AD3F-C6118204091D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2441B8E2-C356-49C1-BD7B-028C4A83616C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "80271F4B-3195-4A9A-A5B7-9CED966AC29C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9B4663-D9EB-4207-B393-CDF45F020A86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C110122A-D64C-417F-BC56-0F0B34509062",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B15B3E-FE90-43C1-9724-1FA19D4F0759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C1AB5D-19B0-43F0-9656-3D78ED8047F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "5471D381-CEEB-4351-B78A-41ECA2656A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ez_media_\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*",
"matchCriteriaId": "815AF29A-A455-4452-BEDC-469072A078CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ez_media_\\\u0026_backup_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70B23F2C-23A4-44E1-AD8B-89F3A9E32013",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account"
},
{
"lang": "es",
"value": "Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, la funcionalidad de cambio de contrase\u00f1as disponible para los usuarios autenticados no requiere la contrase\u00f1a actual del usuario para establecer una nueva. Como resultado, los atacantes con acceso a los tokens de sesi\u00f3n del usuario pueden cambiar su contrase\u00f1a y mantener el acceso a la cuenta del usuario."
}
],
"id": "CVE-2018-9082",
"lastModified": "2024-11-21T04:14:56.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T20:29:01.563",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-9082 (GCVE-0-2018-9082)
Vulnerability from cvelistv5
Published
2018-09-28 20:00
Modified
2024-08-05 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Password change does not require existing password
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group LTD | Iomega StorCenter |
Version: 4.1.402.34662 < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password change does not require existing password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9082",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password change does not require existing password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9082",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9079 (GCVE-0-2018-9079)
Vulnerability from cvelistv5
Published
2018-09-28 20:00
Modified
2024-08-05 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary code execution
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group LTD | Iomega StorCenter |
Version: 4.1.402.34662 < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9079",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9079",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9080 (GCVE-0-2018-9080)
Vulnerability from cvelistv5
Published
2018-09-28 20:00
Modified
2024-08-05 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Session fixation
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group LTD | Iomega StorCenter |
Version: 4.1.402.34662 < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS\u0027s web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie\u0027s value to compromise the user\u0027s session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9080",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS\u0027s web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie\u0027s value to compromise the user\u0027s session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9080",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9078 (GCVE-0-2018-9078)
Vulnerability from cvelistv5
Published
2018-09-28 20:00
Modified
2024-08-05 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SVG
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group LTD | Iomega StorCenter |
Version: 4.1.402.34662 < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device\u0027s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SVG",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9078",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device\u0027s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SVG"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9078",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9081 (GCVE-0-2018-9081)
Vulnerability from cvelistv5
Published
2018-09-28 20:00
Modified
2024-08-05 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo Group LTD | Iomega StorCenter |
Version: 4.1.402.34662 < |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Iomega StorCenter",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "LenovoEMC",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
},
{
"product": "EZ Media and Backup Center",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThanOrEqual": "4.1.402.34662",
"status": "affected",
"version": "4.1.402.34662",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T19:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
],
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
},
"title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9081",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9081",
"datePublished": "2018-09-28T20:00:00",
"dateReserved": "2018-03-27T00:00:00",
"dateUpdated": "2024-08-05T07:17:50.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201809-1099
Vulnerability from variot
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. Iomega , Lenovo , LenovoEMC NAS The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). A cross-site scripting vulnerability exists in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier. A remote attacker could exploit this vulnerability to elevate privileges by adding a file. The following products and versions are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl , EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storcenter px12-400r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \\\u0026 backup center",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-450r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix2",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px6-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px2-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "lenovoemc",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:emc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
}
]
},
"cve": "CVE-2018-9081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2018-9081",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-139113",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2018-9081",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-9081",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-9081",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1180",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-139113",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. Iomega , Lenovo , LenovoEMC NAS The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). A cross-site scripting vulnerability exists in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier. A remote attacker could exploit this vulnerability to elevate privileges by adding a file. The following products and versions are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl , EZ Media \u0026 Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media \u0026 Backup Center",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9081"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "VULHUB",
"id": "VHN-139113"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9081",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-24224",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"id": "VAR-201809-1099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:17.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-24224",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-24224"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85214"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9081"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9081"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139113"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-139113"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"date": "2018-09-28T20:29:01.423000",
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-139113"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010432"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1180"
},
{
"date": "2024-11-21T04:14:56.240000",
"db": "NVD",
"id": "CVE-2018-9081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo Product site cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010432"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1180"
}
],
"trust": 0.6
}
}
var-201809-1096
Vulnerability from variot
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. Iomega , Lenovo , LenovoEMC NAS The device contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker could exploit this vulnerability to elevate privileges by uploading an SVG image with arbitrary JavaScript code. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storcenter px12-400r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \\\u0026 backup center",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-450r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px12-400r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-400d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ix2",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px6-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px2-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "px4-300r",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "ez media \u0026 backup center",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix2-dl",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter ix4-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-400r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px12-450r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px2-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px4-300r",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "storcenter px6-300d",
"scope": "lte",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.1.402.34662"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:lenovo:ez_media_%26_backup_center_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_ix2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_ix2-dl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_ix4-300d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px12-400r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px12-450r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px2-300d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px4-300d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px4-300r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:storcenter_px6-300d_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
}
]
},
"cve": "CVE-2018-9078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-9078",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-139110",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-9078",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-9078",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-9078",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1177",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139110",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device\u0027s origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. Iomega , Lenovo , LenovoEMC NAS The device contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. An attacker could exploit this vulnerability to elevate privileges by uploading an SVG image with arbitrary JavaScript code. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media \u0026 Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media \u0026 Backup Center ",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "VULHUB",
"id": "VHN-139110"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9078",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-24224",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139110",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"id": "VAR-201809-1096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:17.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-24224",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85211"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9078"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9078"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-139110"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"date": "2018-09-28T20:29:01.097000",
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139110"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013140"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1177"
},
{
"date": "2024-11-21T04:14:55.757000",
"db": "NVD",
"id": "CVE-2018-9078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo Vulnerabilities related to security functions in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1177"
}
],
"trust": 0.6
}
}