Sign-up

ID

VAR-202003-1214


CVE

CVE-2015-8536


TITLE

Lenovo Solution Center Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008632

DESCRIPTION

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. (DoS) It may be put into a state. Lenovo Solution Center is a set of computer system monitoring software developed by China Lenovo (Lenovo). The software is capable of identifying system health, the status of network connectivity and overall system security, and more. Attackers can use malicious websites or specially crafted URLs to exploit this vulnerability to perform unauthorized operations

Trust: 1.71

sources: NVD: CVE-2015-8536 // JVNDB: JVNDB-2015-008632 // VULHUB: VHN-86497

AFFECTED PRODUCTS

vendor:lenovomodel:solution centerscope:ltversion:3.3.002

Trust: 1.0

vendor:lenovomodel:solution centerscope:eqversion:3.3.002

Trust: 0.8

sources: JVNDB: JVNDB-2015-008632 // NVD: CVE-2015-8536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8536
value: HIGH

Trust: 1.0

NVD: JVNDB-2015-008632
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1674
value: HIGH

Trust: 0.6

VULHUB: VHN-86497
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8536
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2015-008632
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-86497
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8536
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008632
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-86497 // JVNDB: JVNDB-2015-008632 // CNNVD: CNNVD-202003-1674 // NVD: CVE-2015-8536

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-86497 // JVNDB: JVNDB-2015-008632 // NVD: CVE-2015-8536

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1674

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202003-1674

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008632

PATCH
title:LEN-4326url:https://support.lenovo.com/us/en/product_security/len_4326
Trust: 0.8
title:Lenovo Solution Center Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113071
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008632 // 
            
            
            
            CNNVD: CNNVD-202003-1674

EXTERNAL IDS
db:NVDid:CVE-2015-8536
Trust: 2.5
db:JVNDBid:JVNDB-2015-008632
Trust: 0.8
db:CNNVDid:CNNVD-202003-1674
Trust: 0.7
db:CNVDid:CNVD-2020-21038
Trust: 0.1
db:VULHUBid:VHN-86497
Trust: 0.1
sources:
            
            
            VULHUB: VHN-86497 // 
            
            
            
            JVNDB: JVNDB-2015-008632 // 
            
            
            
            CNNVD: CNNVD-202003-1674 // 
            
            
            
            NVD: CVE-2015-8536

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len_4326
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2015-8536
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8536
Trust: 0.8
sources:
            
            
            VULHUB: VHN-86497 // 
            
            
            
            JVNDB: JVNDB-2015-008632 // 
            
            
            
            CNNVD: CNNVD-202003-1674 // 
            
            
            
            NVD: CVE-2015-8536

SOURCES
db:VULHUBid:VHN-86497
db:JVNDBid:JVNDB-2015-008632
db:CNNVDid:CNNVD-202003-1674
db:NVDid:CVE-2015-8536

LAST UPDATE DATE
2024-11-23T23:04:27.092000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-86497date:2020-03-31T00:00:00
db:JVNDBid:JVNDB-2015-008632date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1674date:2020-04-01T00:00:00
db:NVDid:CVE-2015-8536date:2024-11-21T02:38:40.890

SOURCES RELEASE DATE
db:VULHUBid:VHN-86497date:2020-03-27T00:00:00
db:JVNDBid:JVNDB-2015-008632date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1674date:2020-03-27T00:00:00
db:NVDid:CVE-2015-8536date:2020-03-27T15:15:11.880