Lenovo Help Android App Suffers from Insufficient Access Control Vulnerability
CVE-2018-9067

7.5HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo Help Android Application
Vendor: CVE Published:; 13 July 2018

What is CVE-2018-9067?

The Lenovo Help Android app versions prior to 6.1.2.0327 are affected by a vulnerability due to insufficient access control. This security flaw may allow unauthorized access to sensitive user data, potentially exposing approximately 400 email addresses and 8,500 IMEI numbers. Proper access control measures are critical to prevent unauthorized data breaches and protect user privacy.

Affected Version(s)

Lenovo Help Android application Earlier than 6.1.2.0327

References

https://support.lenovo.com/us/en/solutions/LEN-21561

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2018
Vulnerability Reserved
Mar 27, 2018

CVE-2018-9067 Data

JSON