We are sorry, eCoupon {0} {1} has been fully claimed
We are sorry, eCoupon {0} {1} has been fully claimed. Refresh and try when others quit.
{0} coupons left to claim
Compare
Added!
Build Your PC
View {0} Model
View {0} Models
Configure/Buy
Add To Cart
This Product has recently expired. Please contact your Lenovo Sales Representative to renew this item.
This model is configurable! Click Build Your PC to start configuring.
JOIN MYLENOVO REWARDS!!
• Earn & redeem rewards
• Engagement rewards
• Member exclusive offers
COMING SOON
New Options Available
AVAILABLE SOON
READY TO SHIP
Price Match Guarantee
/shopping-faq/#payments
off
Save
Lenovo Outlet Price
Your price
List Price
List Price
List Price is Lenovo’s estimate of product value based on the industry data, including the prices at which first and third-party retailers and etailers have offered or valued the same or comparable products. Third-party reseller data may not be based on actual sales.
Est Value
Est Value (Estimated Value)
Estimated value is Lenovo’s estimate of product value based on industry data, including the prices at which Lenovo and/or third-party retailers and e-tailers have offered or valued the same or comparable products. Third-party data may not be based on actual sales.
Est Value:
Exclusive Price:
Starting at
Instant Savings
eCoupon Savings
Additional Savings
Show Price Breakdown
Configuration Savings
Hide Price Breakdown
Use eCoupon
Includes
Features
Key Details
Part Number
See More
See Less
Coming Soon
expanded
collapsed
See More Details
Great choice!
You may compare up to 4 products per product category (laptops, desktops, etc). Please de-select one to add another.
View Your Comparisons
One moment please...
Search on Lenovo.com Public Website
& Up
Shipping Options
Update Zip Code
Response Error
Input Format Error
Pts
FREE
Delivery options for {0}
Help Me Decide
Specs Teaser Content
Specs Teaser Link
Learn More
Show details
Hide details
View more details
Includes {qty} items
(Qty: {qty})
read more
OR
*Savings cannot be combined
Ask an Expert
Call our Sales Team at:
Mon-Fri 9am-5:30pm GMT
Save
Pickup Availability near {0}
Update Location
All Eligible Items
Pickup Location for: {0}
{0} Miles Away
Today
Tomorrow
in {0} Days
Ready {0}
Open until {0}
Get Directions
Select This Location
Update
Use My Current Location
or
Enter Zip Code
Cancel
Store Pickup:
Pickup unavailable
Available Today at select {0} locations
Get it today!
Get it tomorrow!
Choose a location and pick up select products at your nearest Best Buy.
Availability may change based on store location.
Choose a pickup location
See all pickup locations
Ready {0}
at {0} {Store Name}
Pickup Availability near {0}
Update Location
All Eligible Items
Pickup Location for: {0}
{0} Miles Away
Today
Tomorrow
in {0} Days
Ready {0}
Open until {0}
Get Directions
Select This Location
update
Use My Current Location
or
Enter Zip Code
Cancel
Store Pickup:
Pickup unavailable
Available Today at select {0} locations
Get it today!
Get it tomorrow!
Choose a location and pick up select products at your nearest Best Buy.
Availability may change based on store location.
Choose a pickup location
See all pickup locations
Ready {0}
at {0} {Store Name}
After eCoupon limit is met, price is {nonEcouponPrice}
After eCoupon limit is met, price is {nonEcouponPrice}
QUANTITY UNAVAILABLE
Expiration Date:
Remaining Units:
My Price:
Hide quote dialog
Sign in or Create an Account
Sign In
Email Address
Password
Not enrolled for rewards? Join Now
By joining, you agree to the Terms of Service and you are opting in to receive Lenovo marketing communications via email.
/us/en/rewards/terms/
Terms of Service
Remember me
Forgot your username or password?
Create an Account
You can store addresses, easily keep track of your orders and save items in your cart for later.
Before you go, create a free account!
Create an Account
You can store addresses, easily keep track of your orders and save items in your cart for later.
The email format is incorrect, please try again
First Name
Maximum length is 50 characters
Last Name
For security purposes, password must contain:
8-20 characters
At least one upper letter, one lower letter, one number, and one symbol (-_!@#+$%^~&*())
Confirm Password
I agree to opt-in to Lenovo communications and I understand that my data will not be shared.
Please agree the terms and privacy policy
By joining, you agree to the
Terms of Service and you are opting in to receive Lenovo marketing communications via email.
If you would like to earn rewards, you will need to check the join Rewards checkbox above. To create an account without earning Rewards, register below.
Register
The email format is incorrect, please try again.
Must contain 8-20 characters including 1 letter, 1 number and 1 symbol ($!#&)
Sign Out
Login
Create Password
An account with this email already exists. Please sign in or use a different email address.
We’re sorry, there are no locations within {0} miles.
Please update your location or select from available Best Buy locations below that exceed {0} miles.
Please enter a zipcode
Invalid Zip Code, please try again.
Update
Cancel
FPS
Pending_ux
FPS for this system per game
within {Miles} miles
in {Store Name}
TELE DLP Click Here
Best Buy Store,
BEST BUY
Delivery
Delivery Unavailable
No available data
https://cdn.chargeafter.com/promotional-widget/lenovo/widget.min.js
48926fe9bfca6413557d5f1dbba57fc8e94efd2a
Save to:
My List
Create a List
{0} items
View
Create
Label
You must fill in this field
You currently have no saved lists
Guest List
List name is repetition
{0} item
Only a maximum of 15 lists can be created
Maximum character limit 200
Your wish list capacity is full, please remove lists and/or products to wish for more.
List at maximum, please remove items to wish for more products.
Enter One-time Password
Enter One-time Passcode
Code
Submit
Didn't receive the code?
Resend Code
Back
Please resend code after {0} seconds
Shop
Compared
Exclusive Loyalty Price
Loyalty Savings
Your session is about to time out
Click Stay Signed In to continue your session that ends in
minutes
seconds
Sign Out
Stay Signed In
Wishlist
Compare ({sum})
LOYALTY DISCOUNT
Your Price
Delivery
QuickView
View All Details
options
Specs
( WEB EXCLUSIVE)
or
at
Select from
by {startDate}
between {startDate} {endDate}
Delivery
Pickup & Delivery
CTA link destination cart noncto
Accessorize & Buy
Extended Catalog
Select at least one more product to compare
Build Your PC
This Product has recently expired. Please contact your Lenovo Sales Representative to renew this item.
List Price Website
Promotions and special offers are not valid on the site
The website is for business and institutional customers only
Contract pricing has expired. Please contact your Local Lenovo Sales.Rep
Expired
Added To Cart
INFO CENTER
Go to Cart
Continue Shopping
Customers who bought this item also bought
Quantity
Expired
Promociones de Pagos
{maxInstallprice} por mes en {maxInstall} cuotas sin interés. 5% descuento adicional pagando con transferencia.
Ver opciones
Payment Plan Lorem Ipsum
Legal: Consulte las condiciones de financiación con su Entidad Bancaria.
MESES
PAGO MENSUAL
PRECIO FINAL
INTERÉS
Shop
Availability
{num} In Stock
Only {num} Left!
Quantity does not account for units reserved by other {siteName} shoppers
Contact Sales
Item is out of Stock
This item is out of stock. To request a renewal of thisitem please Contact your Lenovo Sales Representative.
You'll need the following information:
Part number: {0}
Contract number: {0}
Yes
No
OUT OF STOCK
This is a recommends products dialog
Top Suggestions
Starting at
View All >
Language
French
English
ไทย
German
繁體中文
Country
Hi
All
Sign In / Create Account
language Selector,${0} is Selected
Join & Shop in Lenovo Pro
Register at Education Store
Pro Tier Benefits
• Save up to an extra 5% on Think everyday pricing
• Purchase up to 10 systems per order (5 more than Lenovo.com)
• Spend $10K, advance to Plus Tier with increased benefits
Plus Tier Benefits
• Save up to an extra 6% on Think everyday pricing
• Purchase up to 25 systems per order (20 more than Lenovo.com)
• Spend $50K, advance for free to Elite Tier with increased benefits
• Take advantage of flexible payment options with TruScale Device as a Service.
Learn More >
Elite Tier Benefits
• Save up to an extra 7% on Think everyday pricing
• Purchase up to 50 systems per order (45 more than Lenovo.com)
• Take advantage of flexible payment options with TruScale Device as a Service.
Learn More >
Partner Benefits
• Access to Lenovo's full product portfolio
• Configure and Purchase at prices better than Lenovo.com
View All Details >
more to reach
PRO Plus
PRO Elite
Congratulations, you have reached Elite Status!
Pro for Business
TEMPORARILY UNAVAILABLE
DISCONTINUED
Temporary Unavailable
Cooming Soon!
We're sorry, the maximum quantity you are able to buy at this amazing eCoupon price is
Sign in or Create an Account to Save Your Cart!
Sign in or Create an Account to Join Rewards
View Cart
Your cart is empty!
Don’t miss out on the latest products and savings — find your next favorite laptop, PC, or accessory today.
Remove
item(s) in cart
Some items in your cart are no longer available. Please visit
cart for more details.
has been deleted
Please review your cart as items have changed.
of
Contains Add-ons
Subtotal
Proceed to Checkout
Yes
No
Popular Searches
What are you looking for today ?
Trending
Recent Searches
Hamburger Menu
{"arrowColor":"","backgroundColor":"#e6f4fa","divideColor":"#DBDBDB","sideMsg":"","data":[{"pcInfo":"","mAndTabInfo":"","bannerInfo":{"t_id":"Page1d727b1b-6d6a-40de-9b2c-eb2ca370df1a","language":{"en_us":"%3Cp%3E%3Cstrong%20style%3D%22text-wrap%3A%20wrap%3B%22%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3ELast%20Chance%20Sale!%20%3C%2Fstrong%3ESave%20up%20to%20%7BsavingPercent%7D%20off%20on%20laptops%20%26amp%3B%20accessories!%20Plus%2C%20free%20shipping.%26nbsp%3B%26nbsp%3B%3Ca%20href%3D%22%2Fd%2Fdeals%2Fdoorbusters%2F%3FIPromoID%3DLEN944203%22%20target%3D%22_self%22%20textvalue%3D%22Shop%20Now%20%26gt%3B%22%3E%3Cstrong%3EShop%20Now%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":""},"id":"Page1d727b1b-6d6a-40de-9b2c-eb2ca370df1a"},"gInfo":""},{"pcInfo":"","mAndTabInfo":"","bannerInfo":{"t_id":"Pageef73574e-7a07-4ecf-91d9-c2409ab6045b","language":{"en_us":"%3Cp%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3EShopping%20for%20a%20business%3F%3C%2Fstrong%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%26nbsp%3BNew%20Lenovo%20Pro%20members%20get%20%24100%20off%20first%20order%20of%20%241%2C000%2B%2C%20exclusive%20savings%20%26amp%3B%201%3A1%20tech%20support.%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Fbusiness%2Fbenefits%2F%3FIPromoID%3DLEN818484%22%20target%3D%22_self%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3ELearn%20More%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3Ca%20href%3D%22%2Fbusiness%2Fbenefits%2F%3FipromoID%3DLEN818484%22%20target%3D%22_self%22%20textvalue%3D%22Learn%20More%20%26gt%3B%22%3E%3Cstrong%3E%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3E%3Cstrong%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3EShopping%20for%20a%20business%3F%3C%2Fstrong%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%26nbsp%3BNew%20Lenovo%20Pro%20members%20get%20%24100%20off%20first%20order%20of%20%241%2C000%2B%2C%20exclusive%20savings%20%26amp%3B%201%3A1%20tech%20support.%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Fbusiness%2Fbenefits%2F%3FIPromoID%3DLEN818484%22%20target%3D%22_self%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3ELearn%20More%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Pageef73574e-7a07-4ecf-91d9-c2409ab6045b"},"gInfo":""},{"pcInfo":"","mAndTabInfo":"","bannerInfo":{"t_id":"Page34118139-2fac-45d9-a263-e3f1a47560a1","language":{"en_us":"%3Cp%3E%3Cstrong%3E%3Cspan%20style%3D%22text-wrap%3A%20wrap%3B%22%3E%3C%2Fspan%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fspan%3E%3C%2Fp%3E%3Cp%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3EOrder%20by%2012%2F23%20at%201PM%20for%20in-time%20holiday%20delivery%20or%20pick%20up%20select%20items%20at%20Best%20Buy%20as%20soon%20as%20today!%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Fd%2Fbopis%2F%3FIPromoID%3DLEN775727%22%20target%3D%22_self%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3EShop%20Pick%20Up%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3Ca%20href%3D%22%2Fd%2Fbopis%2F%3FIPromoID%3DLEN775727%22%20target%3D%22_self%22%3E%3Cstrong%3E%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fspan%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3EOrder%20by%2012%2F23%20at%201PM%20for%20in-time%20holiday%20delivery%20or%20pick%20up%20select%20items%20at%20Best%20Buy%20as%20soon%20as%20today!%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Fd%2Fbopis%2F%3FIPromoID%3DLEN775727%22%20target%3D%22_self%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3EShop%20Pick%20Up%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3Ca%20href%3D%22%2Fd%2Fbopis%2F%3FIPromoID%3DLEN775727%22%20target%3D%22_self%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3E%3C%2Fstrong%3E%3C%2Fa%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fspan%3E%3C%2Fp%3E"},"id":"Page34118139-2fac-45d9-a263-e3f1a47560a1"},"gInfo":""},{"pcInfo":"","mAndTabInfo":"","bannerInfo":{"t_id":"Page51b0f343-f47a-4c86-b790-b2fc8d8577b2","language":{"en_us":"%3Cp%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3EMy%20Lenovo%20Rewards!%20%3C%2Fstrong%3EEarn%203%25-9%25%20in%20rewards%20and%20get%20free%20expedited%20delivery%20on%20select%20products.%26nbsp%3B%3Ca%20href%3D%22%2Faccount%2Frewards%2F%3FIPromoID%3DLEN775755%22%20target%3D%22_self%22%20textvalue%3D%22Join%20for%20Free%20%26gt%3B%22%3E%3Cstrong%3EJoin%20for%20Free%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3E%3Cstrong%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fstrong%3E%3Cstrong%3E%3C%2Fstrong%3E%3Cstrong%3EMy%20Lenovo%20Rewards!%20%3C%2Fstrong%3EEarn%203%25-9%25%20in%20rewards%20and%20get%20free%20expedited%20delivery%20on%20select%20products.%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fspan%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Faccount%2Frewards%2F%3FIPromoID%3DLEN775755%22%20target%3D%22_self%22%20textvalue%3D%22Join%20for%20Free%20%26gt%3B%22%3E%3Cstrong%3EJoin%20for%20Free%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Page51b0f343-f47a-4c86-b790-b2fc8d8577b2"},"gInfo":""},{"pcInfo":"","mAndTabInfo":"","bannerInfo":{"t_id":"Page2581b417-42ef-4267-8422-1f630dcf350f","language":{"en_us":"%3Cp%3E%3Cstrong%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3C%2Fstrong%3E%241%20and%20done!%20Get%20started%20with%20Katapult%20lease-to-own%20today!%E2%80%AFValid%2012%2F16%2F24-1%2F12%2F25***%26nbsp%3B%3Ca%20href%3D%22%2Flandingpage%2Flenovo-financing-options%2F%3FIPromoID%3DLEN771093%22%20target%3D%22_self%22%20textvalue%3D%22Learn%20More%20%26gt%3B%22%3E%3Cstrong%3E%3Cstrong%3ELearn%20More%3C%2Fstrong%3E%20%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E","en":"%3Cp%3E%3Cspan%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%241%20and%20done!%20Get%20started%20with%20Katapult%20lease-to-own%20today!%E2%80%AFValid%2012%2F16%2F24-1%2F12%2F25***%26nbsp%3B%3C%2Fspan%3E%3Ca%20href%3D%22%2Flandingpage%2Flenovo-financing-options%2F%3FIPromoID%3DLEN771093%22%20target%3D%22_self%22%20textvalue%3D%22Learn%20More%20%26gt%3B%22%20style%3D%22text-wrap-mode%3A%20wrap%3B%22%3E%3Cstrong%3E%3Cstrong%3ELearn%20More%3C%2Fstrong%3E%26nbsp%3B%26gt%3B%3C%2Fstrong%3E%3C%2Fa%3E%3C%2Fp%3E"},"id":"Page2581b417-42ef-4267-8422-1f630dcf350f"},"gInfo":""}],"autoRun":true,"displayTerminal":"pc,tablet,mobile","isShowDivide":true}
Last Chance Sale! Save up to {savingPercent} off on laptops & accessories! Plus, free shipping. Shop Now >
Shopping for a business? New Lenovo Pro members get $100 off first order of $1,000+, exclusive savings & 1:1 tech support. Learn More >
Order by 12/23 at 1PM for in-time holiday delivery or pick up select items at Best Buy as soon as today! Shop Pick Up >
My Lenovo Rewards! Earn 3%-9% in rewards and get free expedited delivery on select products. Join for Free >
$1 and done! Get started with Katapult lease-to-own today! Valid 12/16/24-1/12/25*** Learn More >
Vulnerability Disclosure Policy
{"pageComponentDataId":"8a70d6f1-919b-4912-97ff-6e50d3688d0a","keywords":"Laptops, Desktops, Workstations, Tablets","urlPrefix":"AAAAAAAFAAAA","h1":"","description":"Lenovo Security Vault -Vulnerability Disclosure Policy\n","h2":"","h3":"","title":"Vulnerability Disclosure Policy","urlEdit":0,"taxonomyType":"about","taxonomyTypeValue":"1","pagetype2":"","metaData":[],"pagetype1":"","theme":"","robots":"INDEX,FOLLOW","seriesPageCategoryCode":"","pageTypeName":"3W Homepage","adobeCategory":"","pageComponentDataLangCode":"en_us","navposkey":"pc_nav","canonical":"","productNumber":"","pageId":"5b3caaf1-8bf4-4db4-99a0-0fbe6355d780","uri":"/product-security/vulnerability-disclosure-policy/index.html","subjectVariable":"","backgroundImgHeight":"100%","jsFile":"","metaTitle":"Vulnerability Disclosure Policy","backgroundColors":"#ffffff","formData":{"pcText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Pagef01f77c9-d28f-4c51-9a2e-1a68c75a63da"},"mobileText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Page8beeeee6-35d6-4d84-9448-d57dbb0234f8"},"tabletText":{"t_id":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","language":{"en_us":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E","en":"%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20is%20committed%20to%20delivering%20safe%20and%20secure%20products%20and%20services.%20When%20vulnerabilities%20are%20discovered%2C%20we%20work%20diligently%20to%20resolve%20them.%20This%20document%20describes%20Lenovo%E2%80%99s%20policy%20for%20receiving%20reports%20related%20to%20potential%20security%20vulnerabilities%20in%20its%20products%20and%20services%20and%20the%20company%E2%80%99s%20standard%20practice%20with%20regards%20to%20informing%20customers%20of%20verified%20vulnerabilities.%20%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EWhen%20to%20contact%20the%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EContact%20the%20Lenovo%20Product%20Security%20Incident%20Response%20Team%20(PSIRT)%20by%20sending%20an%20email%20to%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bif%20you%20have%20identified%20a%20potential%20security%20vulnerability%20with%20one%20of%20our%20products.%20After%20your%20incident%20report%20is%20received%2C%20the%20appropriate%20personnel%20will%20contact%20you%20to%20follow-up.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETo%20ensure%20confidentiality%2C%20we%20encourage%20you%20to%20encrypt%20any%20sensitive%20information%20you%20send%20to%20us%20via%20email.%26nbsp%3B%20We%20are%20able%20to%20receive%20messages%20encrypted%20using%20OpenPGP.%26nbsp%3B%20For%20a%20copy%20of%20our%20public%20key%20for%20sending%20encrypted%20email%20go%26nbsp%3B%3Ca%20href%3D%22https%3A%2F%2Fdownload.lenovo.com%2Flenovo%2Fcontent%2Fpsirt%2Flenovo_psirt_key.asc%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ehere%3C%2Fa%3E.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EThe%26nbsp%3B%3Ca%20href%3D%22mailto%3Apsirt%40lenovo.com%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Epsirt%40lenovo.com%3C%2Fa%3E%26nbsp%3Bemail%20address%20is%20intended%20ONLY%20for%20the%20purpose%20of%20reporting%20product%20or%20service%20security%20vulnerabilities%20specific%20to%20our%20products%20or%20services.%26nbsp%3B%20For%20technical%20support%20information%20on%20our%20products%20or%20services%2C%20please%20visit%26nbsp%3B%3Ca%20target%3D%22_blank%22%20href%3D%22%2Fsupport%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fsupport%3C%2Fa%3E.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ELenovo%20strives%20to%20acknowledge%20receipt%20of%20all%20submitted%20reports%20within%20two%20business%20days.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3EReceiving%20security%20information%20from%20Lenovo%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ESecurity%20Advisories%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ESecurity%20advisories%20related%20to%20our%20products%20and%20services%20are%20posted%20on%20our%20security%20web%20site%20at%26nbsp%3B%3Ca%20href%3D%22%2Fproduct_security%2Fadvisories%2F%22%20style%3D%22box-sizing%3A%20border-box%3B%20background-color%3A%20transparent%3B%20color%3A%20rgb(59%2C%20148%2C%20217)%3B%20text-decoration-line%3A%20none%3B%20outline%3A%200px%3B%22%3Ewww.lenovo.com%2Fproduct_security%2Fadvisories%3C%2Fa%3E.%20In%20most%20cases%2C%20we%20will%20issue%20a%20notice%20when%20we%20have%20identified%20a%20practical%20workaround%20or%20fix%20for%20the%20particular%20security%20vulnerability%2C%20though%20there%20may%20be%20instances%20when%20we%20issue%20a%20notice%20in%20the%20absence%20of%20a%20workaround%20when%20the%20vulnerability%20has%20become%20widely%20known%20to%20the%20security%20community.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20cases%20where%20a%20third%20party%20notifies%20Lenovo%20of%20a%20potential%20vulnerability%20found%20in%20our%20products%20we%20will%20investigate%20the%20finding%20and%20may%20publish%20a%20coordinated%20disclosure%20along%20with%20the%20third%20party.%26nbsp%3B%20In%20some%20instances%2C%20Lenovo%20may%20receive%20information%20about%20a%20security%20vulnerability%20from%20a%20supplier%20under%20a%20confidentiality%20or%20non-disclosure%20agreement%20or%20under%20embargo.%26nbsp%3B%20In%20these%20cases%2C%20Lenovo%20will%20work%20with%20the%20supplier%20to%20request%20that%20a%20security%20fix%20is%20released%20although%20we%20may%20not%20be%20able%20to%20provide%20details%20about%20the%20security%20vulnerability.%26nbsp%3B%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3ELenovo%20does%20not%20publish%20security%20advisories%20for%20open%20source%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3ERelease%20Notes%20(readme%20or%20change%20history)%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20security%20updates%20will%20reference%20either%20the%20CVE%20or%20the%20internal%20LEN%20tracking%20number.%20Both%20are%20included%20in%20our%20published%20security%20advisories%20as%20applicable.%26nbsp%3B%20When%20Lenovo%20believes%20it%20is%20in%20the%20customer%E2%80%99s%20best%20interest%20to%20update%20as%20soon%20as%20possible%2C%20the%20remediation%20may%20be%20released%20ahead%20of%20the%20security%20advisory.%26nbsp%3B%20Once%20the%20advisory%20has%20been%20published%2C%20information%20about%20the%20vulnerability%20can%20be%20found%20by%20referencing%20the%20LEN%20tracking%20number%20from%20the%20release%20notes.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EInformation%20included%20in%20Release%20Notes%20related%20to%20open%20source%20vulnerability%20remediation%20will%20include%20published%20CVEs.%26nbsp%3B%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ESeverity%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIn%20scoring%20or%20rating%20vulnerabilities%2C%20Lenovo%20follows%20standard%20industry%20best%20practices%20to%20designate%20the%20vulnerability%E2%80%99s%20potential%20impact%20as%20High%2C%20Medium%20or%20Low.%26nbsp%3B%20This%20approach%20follows%20the%20Common%20Vulnerability%20Scoring%20System%20(CVSS%2C%20which%20provides%20an%20open%20framework%20for%20communicating%20the%20characteristics%20and%20impacts%20of%20IT%20vulnerabilities.%20CVSS%20enables%20IT%20managers%2C%20vulnerability%20bulletin%20providers%2C%20security%20vendors%2C%20application%20vendors%2C%20and%20researchers%20to%20all%20benefit%20by%20adopting%20a%20common%20language%20of%20scoring%20IT%20vulnerabilities.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EProduct%20Impact%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EGenerally%2C%20security%20advisories%20include%20a%20list%20of%20Lenovo%20products%20with%20a%20status%20of%20Affected%2C%20Not%20Affected%20or%20Researching.%26nbsp%3B%20Affected%20products%20will%20include%20a%20link%20to%20the%20fix%20which%20can%20be%20downloaded%20from%20the%20Lenovo%20Support%20site%20(where%20all%20updates%20are%20maintained)%20or%20a%20recommended%20workaround%20and%2For%20a%20target%20date%20for%20a%20remediation.%26nbsp%3B%20In%20cases%20where%20the%20vulnerability%20is%20specific%20to%20a%20particular%20set%20of%20products%2C%20Lenovo%20may%20only%20provide%20a%20list%20of%20the%20affected%20products.%20%26nbsp%3BOn%20occasion%2C%20Lenovo%20may%20find%20it%20necessary%20to%20publish%20a%20security%20advisory%20in%20advance%20of%20completing%20an%20impact%20assessment%20across%20all%20products.%26nbsp%3B%20In%20these%20cases%2C%20a%20status%20of%20Researching%20will%20be%20shown.%26nbsp%3B%20It%20is%20recommended%20that%20customers%20visit%20the%20security%20advisory%20site%20to%20stay%20current%20with%20the%20advisory%20status.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EReferences%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EIf%20additional%20information%20on%20the%20vulnerability%20is%20available%2C%20the%20advisory%20will%20provide%20links%20as%20a%20reference.%26nbsp%3B%20This%20includes%20links%20to%20the%20CVE%20or%20blog%20or%20article%20citations.%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3EAcknowledgement%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3ETypically%2C%20we%20look%20to%20acknowledge%20the%20researcher%20or%20finder%20of%20the%20vulnerability%20and%2C%20with%20their%20permission%2C%20will%20provide%20them%20with%20a%20credit.%26nbsp%3B%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cstrong%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3Cspan%20style%3D%22box-sizing%3A%20border-box%3Btext-decoration%3Aunderline%3B%22%3ERevision%20History%3C%2Fspan%3E%3C%2Fstrong%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3E%3Cbr%20style%3D%22box-sizing%3A%20border-box%3B%22%2F%3EWhen%20updates%20are%20made%20to%20an%20advisory%2C%20the%20revision%20history%20will%20show%20what%20was%20updated%20and%20when.%3C%2Fp%3E%3Cp%20class%3D%22subpage-bodycopy%22%20style%3D%22box-sizing%3A%20border-box%3B%20margin-top%3A%2011px%3B%20margin-bottom%3A%2010px%3B%20padding%3A%200px%2040px%200px%200px%3B%20list-style%3A%20none%3B%20border-top%3A%20none%3B%20border-right%3A%201px%20none%20rgb(0%2C%200%2C%200)%3B%20border-bottom%3A%20none%3B%20border-left%3A%20none%3B%20border-image%3A%20initial%3B%20font-family%3A%20Lato%2C%20sans-serif%3B%20line-height%3A%201.4em%3B%20color%3A%20rgb(51%2C%2051%2C%2051)%3B%20white-space%3A%20normal%3B%20background-color%3A%20rgb(255%2C%20255%2C%20255)%3B%22%3EWe%20make%20the%20best%20effort%20possible%20to%20resolve%20vulnerabilities%20in%20supported%20products%20as%20quickly%20as%20possible.%20However%2C%20no%20guaranteed%20level%20of%20response%20applies%20for%20any%20specific%20issue%20or%20class%20of%20issues%20due%20to%20factors%20such%20as%20fix%20complexity%2C%20quality%20testing%2C%20embargoes%2C%20and%20cross-vendor%20coordination.%3C%2Fp%3E%3Cp%3E%3Cbr%2F%3E%3C%2Fp%3E"},"id":"Pageac8c355a-9bd2-480c-8fb5-537adbcbbbc9"}}}
Lenovo is committed to delivering safe and secure products and services. When vulnerabilities are discovered, we work diligently to resolve them. This document describes Lenovo’s policy for receiving reports related to potential security vulnerabilities in its products and services and the company’s standard practice with regards to informing customers of verified vulnerabilities. When to contact the Product Security Incident Response Team (PSIRT) Contact the Lenovo Product Security Incident Response Team (PSIRT) by sending an email to psirt@lenovo.com if you have identified a potential security vulnerability with one of our products. After your incident report is received, the appropriate personnel will contact you to follow-up. To ensure confidentiality, we encourage you to encrypt any sensitive information you send to us via email. We are able to receive messages encrypted using OpenPGP. For a copy of our public key for sending encrypted email go here .
The psirt@lenovo.com email address is intended ONLY for the purpose of reporting product or service security vulnerabilities specific to our products or services. For technical support information on our products or services, please visit www.lenovo.com/support . Lenovo strives to acknowledge receipt of all submitted reports within two business days.
Receiving security information from Lenovo Security Advisories Security advisories related to our products and services are posted on our security web site at www.lenovo.com/product_security/advisories . In most cases, we will issue a notice when we have identified a practical workaround or fix for the particular security vulnerability, though there may be instances when we issue a notice in the absence of a workaround when the vulnerability has become widely known to the security community. In cases where a third party notifies Lenovo of a potential vulnerability found in our products we will investigate the finding and may publish a coordinated disclosure along with the third party. In some instances, Lenovo may receive information about a security vulnerability from a supplier under a confidentiality or non-disclosure agreement or under embargo. In these cases, Lenovo will work with the supplier to request that a security fix is released although we may not be able to provide details about the security vulnerability.
Lenovo does not publish security advisories for open source vulnerabilities.
Release Notes (readme or change history) Information included in Release Notes related to security updates will reference either the CVE or the internal LEN tracking number. Both are included in our published security advisories as applicable. When Lenovo believes it is in the customer’s best interest to update as soon as possible, the remediation may be released ahead of the security advisory. Once the advisory has been published, information about the vulnerability can be found by referencing the LEN tracking number from the release notes. Information included in Release Notes related to open source vulnerability remediation will include published CVEs.
Severity In scoring or rating vulnerabilities, Lenovo follows standard industry best practices to designate the vulnerability’s potential impact as High, Medium or Low. This approach follows the Common Vulnerability Scoring System (CVSS, which provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors, and researchers to all benefit by adopting a common language of scoring IT vulnerabilities.
Product Impact Generally, security advisories include a list of Lenovo products with a status of Affected, Not Affected or Researching. Affected products will include a link to the fix which can be downloaded from the Lenovo Support site (where all updates are maintained) or a recommended workaround and/or a target date for a remediation. In cases where the vulnerability is specific to a particular set of products, Lenovo may only provide a list of the affected products. On occasion, Lenovo may find it necessary to publish a security advisory in advance of completing an impact assessment across all products. In these cases, a status of Researching will be shown. It is recommended that customers visit the security advisory site to stay current with the advisory status.
References If additional information on the vulnerability is available, the advisory will provide links as a reference. This includes links to the CVE or blog or article citations.Acknowledgement Typically, we look to acknowledge the researcher or finder of the vulnerability and, with their permission, will provide them with a credit. Revision History When updates are made to an advisory, the revision history will show what was updated and when.
We make the best effort possible to resolve vulnerabilities in supported products as quickly as possible. However, no guaranteed level of response applies for any specific issue or class of issues due to factors such as fix complexity, quality testing, embargoes, and cross-vendor coordination.