CVE-2018-16098 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
lenovo	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Vendor	Product	Version
lenovo	synaptics_thinkpad_ultranav_driver	18.0.7.119
lenovo	synaptics_thinkpad_ultranav_driver	19.5.19.33
lenovo	synaptics_thinkpad_ultranav_driver	19.0.17.140
lenovo	synaptics_thinkpad_ultranav_driver	19.3.4.219
lenovo	synaptics_thinkpad_ultranav_driver	16.2.19.23
lenovo	synaptics_thinkpad_ultranav_driver	18.1.27.42
lenovo	thinkpad_helix_firmware	-
lenovo	thiankpad_l430_firmware	-
lenovo	thiankpad_l530_firmware	-
lenovo	thiankpad_p1_firmware	-
lenovo	thiankpad_x1_extreme_firmware	-
lenovo	thiankpad_p50s_firmware	-
lenovo	thiankpad_p51_firmware	-
lenovo	thiankpad_p51s_firmware	-
lenovo	thiankpad_p52s_firmware	-
lenovo	thiankpad_p70_firmware	-
lenovo	thiankpad_s1_yoga_firmware	-
lenovo	thiankpad_s430_firmware	-
lenovo	thiankpad_t420_firmware	-
lenovo	thiankpad_t420i_firmware	-
lenovo	thinkpad_t420s_firmware	-
lenovo	thinkpad_t420si_firmware	-
lenovo	thinkpad_t430s_firmware	-
lenovo	thinkpad_t430i_firmware	-
lenovo	thinkpad_t430s_firmware	-
lenovo	thinkpad_t431s_firmware	-
lenovo	thinkpad_t440_firmware	-
lenovo	thinkpad_t440s_firmware	-
lenovo	thinkpad_t440p_firmware	-
lenovo	thinkpad_t460s_firmware	-
lenovo	thinkpad_t470_firmware	-
lenovo	thinkpad_t470s_firmware	-
lenovo	thinkpad_t430s_firmware	-
lenovo	thinkpad_t520_firmware	-
lenovo	thinkpad_t520i_firmware	-
lenovo	thinkpad_t530_firmware	-
lenovo	thinkpad_t530i_firmware	-
lenovo	thinkpad_t540_firmware	-
lenovo	thinkpad_t540p_firmware	-
lenovo	thinkpad_t550_firmware	-
lenovo	thinkpad_t560_firmware	-
lenovo	thinkpad_t570_firmware	-
lenovo	thinkpad_t580_firmware	-
lenovo	thinkpad_twist_firmware	-
lenovo	thinkpad_s230u_firmware	-
lenovo	thinkpad_w530_firmware	-
lenovo	thinkpad_w540_firmware	-
lenovo	thinkpad_w541_firmware	-
lenovo	thinkpad_w550s_firmware	-
lenovo	thinkpad_x1_carbon_firmware	-
lenovo	thinkpad_x1_yoga_firmware	-
lenovo	thinkpad_x1_firmware	-
lenovo	thinkpad_x1_hybrid_firmware	-
lenovo	thinkpad_x220_firmware	-
lenovo	thinkpad_x220i_firmware	-
lenovo	thinkpad_x220_tablet_firmware	-
lenovo	thinkpad_x230_firmware	-
lenovo	thinkpad_x230i_firmware	-
lenovo	thinkpad_x230_tablet_firmware	-
lenovo	thinkpad_x230i_tablet_firmware	-
lenovo	thinkpad_x230s_firmware	-
lenovo	thinkpad_x240s_firmware	-
lenovo	thinkpad_x240_firmware	-
lenovo	thinkpad_x250_firmware	-
lenovo	thinkpad_x280_firmware	-
lenovo	thinkpad_yoga_11e_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-428 - Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

https://support.lenovo.com/us/en/solutions/LEN-24573

https://support.lenovo.com/bg/en/product_security/len-24573

https://support.lenovo.com/us/en/solutions/LEN-24573