Lenovo : Security Vulnerabilities, CVEs, Published In 2018 (Code Execution) CVSS score >= 4
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
Max CVSS
7.2
EPSS Score
0.12%
Published
2018-11-16
Updated
2020-08-24
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
Max CVSS
9.8
EPSS Score
0.80%
Published
2018-04-23
Updated
2020-05-15
2 vulnerabilities found