Lenovo

Vantage

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2026-1717

  • EPSS 0.02%
  • Veröffentlicht 11.03.2026 20:22:50
  • Zuletzt bearbeitet 12.03.2026 21:08:22

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

7.1

CVE-2026-1716

  • EPSS 0.02%
  • Veröffentlicht 11.03.2026 20:22:37
  • Zuletzt bearbeitet 12.03.2026 21:08:22

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

7.1

CVE-2026-1715

  • EPSS 0.02%
  • Veröffentlicht 11.03.2026 20:22:24
  • Zuletzt bearbeitet 12.03.2026 21:08:22

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

5.5

CVE-2025-13154

  • EPSS 0.03%
  • Veröffentlicht 14.01.2026 22:16:13
  • Zuletzt bearbeitet 16.01.2026 15:55:33

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

7.8

CVE-2025-6232

  • EPSS 0.02%
  • Veröffentlicht 17.07.2025 19:19:32
  • Zuletzt bearbeitet 22.07.2025 17:05:42

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

7.8

CVE-2025-6231

  • EPSS 0.02%
  • Veröffentlicht 17.07.2025 19:19:23
  • Zuletzt bearbeitet 22.07.2025 17:05:25

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

5.3

CVE-2025-6230

  • EPSS 0.02%
  • Veröffentlicht 17.07.2025 19:19:12
  • Zuletzt bearbeitet 19.08.2025 16:32:52

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.

7.8

CVE-2024-12673

  • EPSS 0.06%
  • Veröffentlicht 12.02.2025 21:15:12
  • Zuletzt bearbeitet 12.02.2025 21:15:12

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on t...

7.8

CVE-2023-6043

  • EPSS 0.01%
  • Veröffentlicht 19.01.2024 20:15:12
  • Zuletzt bearbeitet 21.11.2024 08:43:01

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

6.8

CVE-2023-6044

  • EPSS 0.04%
  • Veröffentlicht 19.01.2024 20:15:12
  • Zuletzt bearbeitet 21.11.2024 08:43:02

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.