Sign-up

ID

VAR-202003-1213


CVE

CVE-2015-8535


TITLE

Lenovo Solution Center Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008631

DESCRIPTION

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. Lenovo Solution Center (LSC) Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Lenovo Solution Center is a set of computer system monitoring software developed by China Lenovo (Lenovo). The software is capable of identifying system health, the status of network connectivity and overall system security, and more

Trust: 1.71

sources: NVD: CVE-2015-8535 // JVNDB: JVNDB-2015-008631 // VULHUB: VHN-86496

AFFECTED PRODUCTS

vendor:lenovomodel:solution centerscope:ltversion:3.3.002

Trust: 1.0

vendor:lenovomodel:solution centerscope:eqversion:3.3.002

Trust: 0.8

sources: JVNDB: JVNDB-2015-008631 // NVD: CVE-2015-8535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8535
value: HIGH

Trust: 1.0

NVD: JVNDB-2015-008631
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1673
value: HIGH

Trust: 0.6

VULHUB: VHN-86496
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-8535
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2015-008631
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-86496
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8535
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008631
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-86496 // JVNDB: JVNDB-2015-008631 // CNNVD: CNNVD-202003-1673 // NVD: CVE-2015-8535

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-86496 // JVNDB: JVNDB-2015-008631 // NVD: CVE-2015-8535

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1673

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202003-1673

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008631

PATCH
title:LEN-4326url:https://support.lenovo.com/us/en/product_security/len_4326
Trust: 0.8
title:Lenovo Solution Center Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113070
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008631 // 
            
            
            
            CNNVD: CNNVD-202003-1673

EXTERNAL IDS
db:NVDid:CVE-2015-8535
Trust: 2.5
db:JVNDBid:JVNDB-2015-008631
Trust: 0.8
db:CNNVDid:CNNVD-202003-1673
Trust: 0.7
db:CNVDid:CNVD-2020-21037
Trust: 0.1
db:VULHUBid:VHN-86496
Trust: 0.1
sources:
            
            
            VULHUB: VHN-86496 // 
            
            
            
            JVNDB: JVNDB-2015-008631 // 
            
            
            
            CNNVD: CNNVD-202003-1673 // 
            
            
            
            NVD: CVE-2015-8535

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len_4326
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2015-8535
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8535
Trust: 0.8
sources:
            
            
            VULHUB: VHN-86496 // 
            
            
            
            JVNDB: JVNDB-2015-008631 // 
            
            
            
            CNNVD: CNNVD-202003-1673 // 
            
            
            
            NVD: CVE-2015-8535

SOURCES
db:VULHUBid:VHN-86496
db:JVNDBid:JVNDB-2015-008631
db:CNNVDid:CNNVD-202003-1673
db:NVDid:CVE-2015-8535

LAST UPDATE DATE
2024-11-23T22:44:38.506000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-86496date:2020-03-31T00:00:00
db:JVNDBid:JVNDB-2015-008631date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1673date:2020-04-01T00:00:00
db:NVDid:CVE-2015-8535date:2024-11-21T02:38:40.740

SOURCES RELEASE DATE
db:VULHUBid:VHN-86496date:2020-03-27T00:00:00
db:JVNDBid:JVNDB-2015-008631date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1673date:2020-03-27T00:00:00
db:NVDid:CVE-2015-8535date:2020-03-27T15:15:11.817