The vulnerabilities of the System Management Module (SMM/SMM2) and the Fan Power Controller (FPC) in the microprogramming software of Lenovo’s storage systems such as ThinkSystem, ThinkAgile, NeXtScale, as well as Lenovo CP-CB-10 laptops, allow attackers to gain unauthorized access to protected information.

The vulnerability of the System Management Module SMM/SMM2 and the Fan Power Controller FPC in the microprogramming software of Lenovo’s storage systems such as ThinkSystem, ThinkAgile, NeXtScale, as well as Lenovo CP-CB-10 laptops, is related to the absence of authentication for critical...

CVE-2019-6161

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB Storage Block BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain...