Universal Device Client
by Lenovo
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6026 | Low | 0.20 | 3.1 | 0.00 | Oct 15, 2025 | An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data. | ||
| CVE-2023-6338 | 0.00 | — | 0.00 | Jan 3, 2024 | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||
| CVE-2023-3078 | 0.00 | — | 0.00 | Aug 17, 2023 | An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. |
- risk 0.20cvss 3.1epss 0.00
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
- CVE-2023-6338Jan 3, 2024risk 0.00cvss —epss 0.00
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
- CVE-2023-3078Aug 17, 2023risk 0.00cvss —epss 0.00
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.