6 matches found
CVE-2026-6282
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...
The vulnerabilities of the System Management Module (SMM/SMM2) and the Fan Power Controller (FPC) in the microprogramming software for Lenovo ThinkSystem, ThinkAgile, NeXtScale storage systems, as well as Lenovo CP-CB-10 laptops, allow attackers to execute arbitrary commands.
The vulnerability of the System Management Module SMM/SMM2 and the Fan Power Controller FPC in the microprogramming operating systems of Lenovo’s ThinkSystem, ThinkAgile, NeXtScale storage systems, and Lenovo CP-CB-10 laptops exists due to the failure to take measures to neutralize the special...
Remote Support Authentication Vulnerability in IBM Spectrum Virtualize and Lenovo Storage V Series - Lenovo Support US
No description provided...
The vulnerability of the implementation of the status tracking mechanism for the AutoSupport system allows a perpetrator to gain unauthorized access to protected information. This vulnerability is present in the Active IQ Unified Manager, a tool for managing system status and performance in storage systems. This vulnerability is also present in the microsoftware used in Lenovo ThinkSystem DM series storage systems.
The vulnerability of the AutoSupport system monitoring mechanism implemented in the Active IQ Unified Manager software for managing storage system status and performance, as well as in Lenovo ThinkSystem DM series storage systems, is related to insufficient protection of operational data...
CVE-2021-42848
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details...
CVE-2021-42850
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access...