A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
Published October 15, 2020.
Lenovo Diagnostics