cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Lenovo System Update vulnerability - 5.7.0.136?

A security advisory for older versions of Lenovo System Update is being detected for devices in my network.

Flexera's associated security advisory recommends updating to the following version (or newer):

5.07.0106

The latest available update I've installed, from Lenovo, is detected by Flexera SVM as:

5.7.0.136

Lenovo's website, shows the latest version as:

5.07.0136 (Windows also reports this installed version number)

This is the latest version available.  However, due to the version numbering , it seems like SVM is picking up the latest version of system update as an older revision?

(1) Solution
raslam
By Level 7 Flexeran
Level 7 Flexeran

Thanks for reporting this, it seems like the vendor messed up with product versioning metadata and therefore SVM is flagging the latest version as insecure. Please open a ticket with Flexera SVM support via your Flexera Support community portal and our file signature team will look into this and will get back to you. 

View solution in original post

(2) Replies
raslam
By Level 7 Flexeran
Level 7 Flexeran

Thanks for reporting this, it seems like the vendor messed up with product versioning metadata and therefore SVM is flagging the latest version as insecure. Please open a ticket with Flexera SVM support via your Flexera Support community portal and our file signature team will look into this and will get back to you. 

OK, will do.  Thanks!