{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-24T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-12T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"}, {"name": "74198", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74198"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"}, {"name": "74198", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74198"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:47:56.259Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"}, {"name": "74198", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74198"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3322", "datePublished": "2015-04-16T23:00:00.000Z", "dateReserved": "2015-04-16T00:00:00.000Z", "dateUpdated": "2024-08-06T05:47:56.259Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA62C6-C274-4A02-BA07-14F3093C441F", "versionEndIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*", "matchCriteriaId": "B688F4B0-E786-48BE-8BF0-5D7264B2EEF5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE5005E6-8AC3-4E3A-95B0-5874F3BC7970", "versionEndIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*", "matchCriteriaId": "95E0DD7E-CC62-4384-91D4-7B2128780F7F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "614188E7-FB1D-41A5-B563-A484B1872DA3", "versionEndIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FAF28D1-5E43-4528-A92B-960AD7366A58", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57D10220-9E77-4E53-8861-D6012DC0F084", "versionEndIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*", "matchCriteriaId": "85F39E5A-4EB8-4581-8B40-F825E01B6D4F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "46B2325F-2B5E-4ABF-9B60-A51A0433C0B2", "versionEndIncluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95F55A1-5D77-4D50-8D7F-EEC134451013", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."}, {"lang": "es", "value": "Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-3322", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-16T23:59:03.557", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74198"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}