We are sorry, eCoupon {0} {1} has been fully claimed
We are sorry, eCoupon {0} {1} has been fully claimed. Refresh and try when others quit.
{0} coupons left to claim
Compare
Added!
Build Your PC
View {0} Model
View {0} Models
Configure/Buy
Add To Cart
This model is configurable! Click Build Your PC to start configuring.
Earn Double Rewards
Earn Triple Rewards
4X Rewards
5X Rewards
Huge Rewards
Earn
in Rewards
Double Rewards
JOIN MYLENOVO
REWARDS!!
• Earn & redeem rewards
• Engagement rewards
• Member exclusive offers
• Free to Join — Join now!
Coming Soon
DISCONTINUED
TEMPORARILY UNAVAILABLE
READY TO SHIP
Price Match Guarantee
/shopping-faq/#payments
off
Save
Web Price:
Exclusive Price:
Starting at
Instant Savings
eCoupon Savings:
instantSavingPriceWithoutECoupon
Show Price Breakdown
Hide Price Breakdown
Use eCoupon
Includes
Features
Key Details
Part Number
See More
See Less
 
Coming Soon
more
expanded
collapsed
See More Details
Great choice!
You may compare up to 4 products per product category (laptops, desktops, etc). Please de-select one to add another.
View Your Comparisons

This is a recommends products dialog
Top Suggestions
Starting at
View All >
skip to main content
{"backgroundColor":"#e6f4fa","sideMsg":{"t_id":"","language":{"en_us":""},"id":""},"data":[{"bannerInfo":{"t_id":"Pagee352fdb0-527f-4912-8ce7-252aab731d8a","language":{"en_us":"%3Cp%3EDeals%20continue!%20Save%20on%20PCs%20and%20Electronics.%26nbsp%3B%3Ca%20href%3D%22%2Fd%2Fdeals%2Fdoorbusters%2F%3FipromoID%3DLEN944203%22%20target%3D%22_self%22%20title%3D%22Shop%20Doorbusters%22%20textvalue%3D%22Shop%20Deals%20%26gt%3B%22%3E%3Cstrong%3EShop%20Doorbusters%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3ESave%20big%20during%20our%20Black%20Friday%20Sneak%20Peek%20sale.%20Ends%2011%2F1.%20%3Ca%20href%3D%22%2Fd%2Fdeals%2Fdoorbusters%2F%3FipromoID%3DLEN944203%22%20target%3D%22_self%22%20title%3D%22Shop%20Doorbusters%22%3E%3Cstrong%3EShop%20Doorbusters%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Pagee352fdb0-527f-4912-8ce7-252aab731d8a"}},{"bannerInfo":{"t_id":"Page8a8ba584-5a28-457e-a38d-19a7c45e5871","language":{"en_us":"%3Cp%3EFree%20Shipping%20on%20all%20orders.%3C%2Fp%3E","en":"%3Cp%3EFree%20Shipping%20on%20all%20orders.%3C%2Fp%3E"},"id":"Page8a8ba584-5a28-457e-a38d-19a7c45e5871"}},{"bannerInfo":{"t_id":"Page48a01080-8447-45e6-b3e3-c04fe65ba6ac","language":{"en_us":"%3Cp%3EBuy%20With%20Confidence.%20Holiday%20Prices%2C%20Price%20Match%2C%20and%20Price%20Guarantee%20policies%20are%20in%20effect.%26nbsp%3B%3Ca%20href%3D%22%2Fshopping-faq%2F%23payments%3FipromoID%3DLEN542526%22%20target%3D%22_self%22%20title%3D%22Learn%20More%22%20textvalue%3D%22Learn%20More%22%3E%3Cstrong%3ELearn%20More%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3EBuy%20With%20Confidence.%20Holiday%20Prices%2C%20Price%20Match%2C%20and%20Price%20Guarantee%20policies%20are%20in%20effect.%26nbsp%3B%3Ca%20href%3D%22%2Fshopping-faq%2F%23payments%3FipromoID%3DLEN542526%22%20target%3D%22_self%22%20title%3D%22Learn%20More%22%20textvalue%3D%22Learn%20More%22%3E%3Cstrong%3ELearn%20More%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Page48a01080-8447-45e6-b3e3-c04fe65ba6ac"}},{"bannerInfo":{"t_id":"Page3fe62a93-de54-44b1-878a-9ca4930c8c45","language":{"en_us":"%3Cp%3E12%20Months%20Special%20Financing%20on%20qualifying%20purchases%20with%20your%20Lenovo%20Financing%20Credit%20Card.%20Limited%20time%20offer.%26nbsp%3B%3Ca%20href%3D%22%2Flandingpage%2Flenovo-financing-options%3FipromoID%3DLEN771093%22%20target%3D%22_self%22%20title%3D%22Prequalify%22%20textvalue%3D%22Prequalify%22%3E%3Cstrong%3EPrequalify%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3EGet%206%20Months%20Special%20Financing.%20On%20purchases%20of%20%24500%2B%20with%20your%20Lenovo%20Financing%20Credit%20Card.%26nbsp%3B%3Ca%20href%3D%22%2Flandingpage%2Flenovo-financing-options%3FipromoID%3DLEN771093%22%20target%3D%22_self%22%20title%3D%22Prequalify%22%20textvalue%3D%22Prequalify%22%3E%3Cstrong%3EPrequalify%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Page3fe62a93-de54-44b1-878a-9ca4930c8c45"}},{"bannerInfo":{"t_id":"Page864db7b5-4ea6-4739-9862-01c42ab9152f","language":{"en_us":"%3Cp%3EMyLenovo%20Rewards%20Members%20earn%203-9%25%20rewards%20sitewide%20every%20day.%26nbsp%3B%3Ca%20href%3D%22%2Frewards%2F%3FipromoID%3DLEN775755%22%20target%3D%22_self%22%20title%3D%22Join%20For%20Free%22%20textvalue%3D%22Join%20For%20Free%22%3E%3Cstrong%3EJoin%20For%20Free%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3EMyLenovo%20Rewards%20Members%20earn%202x%20rewards%20sitewide.%20Ends%2011%2F7.%26nbsp%3B%3Ca%20href%3D%22%2Frewards%2F%3FipromoID%3DLEN775755%22%20target%3D%22_self%22%20title%3D%22Join%20Rewards%22%20textvalue%3D%22Join%20For%20Free%22%3E%3Cstrong%3EJoin%20For%20Free%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Page864db7b5-4ea6-4739-9862-01c42ab9152f"}}],"autoRun":true}
  • Deals continue! Save on PCs and Electronics. Shop Doorbusters >

  • Free Shipping on all orders.

  • Buy With Confidence. Holiday Prices, Price Match, and Price Guarantee policies are in effect. Learn More

  • 12 Months Special Financing on qualifying purchases with your Lenovo Financing Credit Card. Limited time offer. Prequalify

  • MyLenovo Rewards Members earn 3-9% rewards sitewide every day. Join For Free


Vulnerability Disclosure Policy


{"pageComponentDataId":"8a70d6f1-919b-4912-97ff-6e50d3688d0a","keywords":"Laptops, Desktops, Workstations, Tablets","urlPrefix":"AAAAAAAFAAAA","h1":"","description":"Lenovo Security Vault -Vulnerability Disclosure Policy\n","h2":"","h3":"","title":"Vulnerability Disclosure Policy","urlEdit":0,"taxonomyType":"about","taxonomyTypeValue":"1","pagetype2":"","metaData":[],"pagetype1":"","theme":"","robots":"INDEX,FOLLOW","seriesPageCategoryCode":"","pageTypeName":"3W Homepage","adobeCategory":"","pageComponentDataLangCode":"en_us","navposkey":"pc_nav","canonical":"","productNumber":"","pageId":"5b3caaf1-8bf4-4db4-99a0-0fbe6355d780","uri":"/product-security/vulnerability-disclosure-policy/index.html","subjectVariable":"","backgroundImgHeight":"100%","jsFile":"","metaTitle":"Vulnerability Disclosure Policy","backgroundColors":"#ffffff","formData":{"pcText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Pagef01f77c9-d28f-4c51-9a2e-1a68c75a63da"},"mobileText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Page8beeeee6-35d6-4d84-9448-d57dbb0234f8"},"tabletText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Pageac8c355a-9bd2-480c-8fb5-537adbcbbbc9"}}}

Lenovo is committed to delivering safe and secure products and services. When vulnerabilities are discovered, we work diligently to resolve them. This document describes Lenovo’s policy for receiving reports related to potential security vulnerabilities in its products and services and the company’s standard practice with regards to informing customers of verified vulnerabilities.  

When to contact the Product Security Incident Response Team (PSIRT)

Contact the Lenovo Product Security Incident Response Team (PSIRT) by sending an email to psirt@lenovo.com if you have identified a potential security vulnerability with one of our products. After your incident report is received, the appropriate personnel will contact you to follow-up.

To ensure confidentiality, we encourage you to encrypt any sensitive information you send to us via email.  We are able to receive messages encrypted using OpenPGP.  For a copy of our public key for sending encrypted email go here.

The psirt@lenovo.com email address is intended ONLY for the purpose of reporting product or service security vulnerabilities specific to our products or services.  For technical support information on our products or services, please visit www.lenovo.com/support.

Lenovo strives to acknowledge receipt of all submitted reports within two business days.

Receiving security information from Lenovo

Security Advisories
Security advisories related to our products and services are posted on our security web site at www.lenovo.com/product_security/advisories. In most cases, we will issue a notice when we have identified a practical workaround or fix for the particular security vulnerability, though there may be instances when we issue a notice in the absence of a workaround when the vulnerability has become widely known to the security community. 

In cases where a third party notifies Lenovo of a potential vulnerability found in our products we will investigate the finding and may publish a coordinated disclosure along with the third party.  In some instances, Lenovo may receive information about a security vulnerability from a supplier under a confidentiality or non-disclosure agreement or under embargo.  In these cases, Lenovo will work with the supplier to request that a security fix is released although we may not be able to provide details about the security vulnerability.  

Lenovo does not publish security advisories for open source vulnerabilities.


Release Notes (readme or change history)

Information included in Release Notes related to security updates will reference either the CVE or the internal LEN tracking number. Both are included in our published security advisories as applicable.  When Lenovo believes it is in the customer’s best interest to update as soon as possible, the remediation may be released ahead of the security advisory.  Once the advisory has been published, information about the vulnerability can be found by referencing the LEN tracking number from the release notes.

Information included in Release Notes related to open source vulnerability remediation will include published CVEs. 


Severity

In scoring or rating vulnerabilities, Lenovo follows standard industry best practices to designate the vulnerability’s potential impact as High, Medium or Low.  This approach follows the Common Vulnerability Scoring System (CVSS, which provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors, and researchers to all benefit by adopting a common language of scoring IT vulnerabilities.


Product Impact

Generally, security advisories include a list of Lenovo products with a status of Affected, Not Affected or Researching.  Affected products will include a link to the fix which can be downloaded from the Lenovo Support site (where all updates are maintained) or a recommended workaround and/or a target date for a remediation.  In cases where the vulnerability is specific to a particular set of products, Lenovo may only provide a list of the affected products.  On occasion, Lenovo may find it necessary to publish a security advisory in advance of completing an impact assessment across all products.  In these cases, a status of Researching will be shown.  It is recommended that customers visit the security advisory site to stay current with the advisory status.


References

If additional information on the vulnerability is available, the advisory will provide links as a reference.  This includes links to the CVE or blog or article citations.

Acknowledgement

Typically, we look to acknowledge the researcher or finder of the vulnerability and, with their permission, will provide them with a credit. 

Revision History

When updates are made to an advisory, the revision history will show what was updated and when.

We make the best effort possible to resolve vulnerabilities in supported products as quickly as possible. However, no guaranteed level of response applies for any specific issue or class of issues due to factors such as fix complexity, quality testing, embargoes, and cross-vendor coordination.


Compare  ()