Sign-up

ID

VAR-201706-0113


CVE

CVE-2016-8230


TITLE

Lenovo Service Bridge Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-008621

DESCRIPTION

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Lenovo Service Bridge Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2016-8230 // JVNDB: JVNDB-2016-008621 // VULHUB: VHN-97050

AFFECTED PRODUCTS

vendor:lenovomodel:service bridgescope:eqversion: -

Trust: 1.6

vendor:lenovomodel:service bridgescope:ltversion:4

Trust: 0.8

sources: JVNDB: JVNDB-2016-008621 // CNNVD: CNNVD-201706-091 // NVD: CVE-2016-8230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8230
value: HIGH

Trust: 1.0

NVD: CVE-2016-8230
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97050
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8230
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8230
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97050 // JVNDB: JVNDB-2016-008621 // CNNVD: CNNVD-201706-091 // NVD: CVE-2016-8230

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-97050 // JVNDB: JVNDB-2016-008621 // NVD: CVE-2016-8230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-091

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008621

PATCH
title:LEN-10149url:https://support.lenovo.com/jp/ja/product_security/len-10149
Trust: 0.8
title:Lenovo Service Bridge Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70752
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008621 // 
            
            
            
            CNNVD: CNNVD-201706-091

EXTERNAL IDS
db:NVDid:CVE-2016-8230
Trust: 2.5
db:LENOVOid:LEN-10149
Trust: 1.7
db:JVNDBid:JVNDB-2016-008621
Trust: 0.8
db:CNNVDid:CNNVD-201706-091
Trust: 0.7
db:VULHUBid:VHN-97050
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97050 // 
            
            
            
            JVNDB: JVNDB-2016-008621 // 
            
            
            
            CNNVD: CNNVD-201706-091 // 
            
            
            
            NVD: CVE-2016-8230

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-10149
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8230
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8230
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97050 // 
            
            
            
            JVNDB: JVNDB-2016-008621 // 
            
            
            
            CNNVD: CNNVD-201706-091 // 
            
            
            
            NVD: CVE-2016-8230

SOURCES
db:VULHUBid:VHN-97050
db:JVNDBid:JVNDB-2016-008621
db:CNNVDid:CNNVD-201706-091
db:NVDid:CVE-2016-8230

LAST UPDATE DATE
2024-11-23T22:01:05.447000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97050date:2017-06-09T00:00:00
db:JVNDBid:JVNDB-2016-008621date:2017-06-30T00:00:00
db:CNNVDid:CNNVD-201706-091date:2017-06-05T00:00:00
db:NVDid:CVE-2016-8230date:2024-11-21T02:59:01.873

SOURCES RELEASE DATE
db:VULHUBid:VHN-97050date:2017-06-04T00:00:00
db:JVNDBid:JVNDB-2016-008621date:2017-06-30T00:00:00
db:CNNVDid:CNNVD-201706-091date:2017-06-05T00:00:00
db:NVDid:CVE-2016-8230date:2017-06-04T21:29:00.277