Insecure HTTP Connection in Lenovo Service Bridge: Exposing Sensitive System Information

Insecure HTTP Connection in Lenovo Service Bridge: Exposing Sensitive System Information

CVE-2016-8230 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.

Learn more about our Cis Benchmark Audit For Server Software.