Unencrypted FTP Downloads in Lenovo Service Bridge
CVE-2019-6169

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Service Bridge
Vendor: CVE Published:; 25 June 2019

Summary

A vulnerability in Lenovo Service Bridge prior to version 4.1.0.1 enables the potential for unencrypted file transfers through FTP. This security flaw may expose sensitive user data during transmission, making it accessible to unauthorized parties. Users are strongly encouraged to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Service Bridge < 4.1.0.1

References

https://support.lenovo.com/solutions/LEN-27725

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 11, 2019

Credit

Lenovo would like to thank Bill Demirkapi for reporting this issue.