Lenovo Information for VU#294607

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF

Status

Affected

Vendor Statement

"Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available."

Vendor Information

Vendor References

https://support.lenovo.com/us/en/product_security/len_4326

Addendum

If you have feedback, comments, or additional information about this vulnerability, please send us email.