Description
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-10149
Scores
CVSS v3
7.5
EPSS
0.0031
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
lenovo/lenovo_service_bridge
Lenovo Group Ltd./Service Bridge
Earlier than version 4
Published
Jun 04, 2017
Tracked Since
Feb 18, 2026