Vulnerabilities > Lenovo > Service Framework

DATE CVE VULNERABILITY TITLE RISK
2017-10-17 CVE-2017-3761 OS Command Injection vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input.
network
low complexity
lenovo CWE-78
critical
9.8
2017-10-17 CVE-2017-3760 Insufficiently Protected Credentials vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data.
network
high complexity
lenovo CWE-522
8.1
2017-10-17 CVE-2017-3759 Improper Input Validation vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application accepts some responses from the server without proper validation.
network
high complexity
lenovo CWE-20
8.1
2017-10-17 CVE-2017-3758 Unspecified vulnerability in Lenovo Service Framework
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
network
low complexity
lenovo
critical
9.8