Cross-Site Request Forgery Vulnerability in Lenovo Service Bridge
CVE-2019-6166

5.4MEDIUM

Key Information:

Vendor: Lenovo
Status: Service Bridge
Vendor: CVE Published:; 25 June 2019

Summary

A vulnerability identified in Lenovo Service Bridge versions prior to 4.1.0.1 allows attackers to potentially exploit cross-site request forgery (CSRF) attacks. This flaw may enable unauthorized actions on behalf of authenticated users if they visit a maliciously crafted web page. Users of Lenovo Service Bridge are urged to update to the latest version to mitigate exposure to this vulnerability.

Affected Version(s)

Service Bridge < 4.1.0.1

References

https://support.lenovo.com/solutions/LEN-27725

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 11, 2019

Credit

Lenovo would like to thank Bill Demirkapi for reporting this issue.