Vulnerabilities (CVE)

Filtered by vendor Lenovo Subscribe

Filtered by product Ix2

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-9080	1 Lenovo	40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more	2019-01-08	4.3 MEDIUM	5.9 MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
CVE-2018-9081	1 Lenovo	40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more	2018-11-16	2.6 LOW	4.7 MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.