CVE-2019-6166: CSRF
First published: Wed Jun 26 2019(Updated: )
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Service Bridge | <4.1.0.1 | |
| Lenovo Ideacentre | ||
| Lenovo Ideapad | ||
| Lenovo Tablet | ||
| Lenovo Thinkcentre | ||
| Lenovo ThinkPad | ||
| Lenovo Thinkstation | ||
| Lenovo Yoga |
Remedy
Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Lenovo Service Bridge vulnerability?
The vulnerability ID for this Lenovo Service Bridge vulnerability is CVE-2019-6166.
What is the severity level of CVE-2019-6166?
CVE-2019-6166 has a severity level of 8.8, which is considered high.
What is the affected software for CVE-2019-6166?
The affected software is Lenovo Service Bridge before version 4.1.0.1.
What is the CWE ID for CVE-2019-6166?
The CWE ID for CVE-2019-6166 is 352.
How can I fix this vulnerability?
To fix this vulnerability, update Lenovo Service Bridge to version 4.1.0.1 or later.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/lenovo
- canonical/lenovo service bridge
- canonical/lenovo ideacentre
- canonical/lenovo ideapad
- canonical/lenovo tablet
- canonical/lenovo thinkcentre
- canonical/lenovo thinkpad
- canonical/lenovo thinkstation
- canonical/lenovo yoga