cpe:/a:lenovo:service_framework:-::~~~android~~ CVE-2017-3759 2017-10-17T16:29:00.290-04:00 2017-11-08T12:07:32.073-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-11-06T13:48:33.120-05:00 CONFIRM https://support.lenovo.com/us/en/product_security/LEN-15374 The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.