From 60131390f482cc6adf2a43daeb378b9a301cd2c2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 30 Nov 2017 13:10:31 -0500 Subject: [PATCH] - Added submission from Lenovo for LEN-16335 from 2017-11-30. --- 2017/3xxx/CVE-2017-3764.json | 49 +++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 3 deletions(-) diff --git a/2017/3xxx/CVE-2017-3764.json b/2017/3xxx/CVE-2017-3764.json index 5d7ef3ac7f6..3e8aa4160bf 100644 --- a/2017/3xxx/CVE-2017-3764.json +++ b/2017/3xxx/CVE-2017-3764.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "psirt@lenovo.com", + "DATE_PUBLIC" : "2017-11-30T00:00:00", "ID" : "CVE-2017-3764", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "xClarity Administrator", + "version" : { + "version_data" : [ + { + "version_value" : "Earlier than 1.4.0" + } + ] + } + } + ] + }, + "vendor_name" : "Lenovo Group Ltd." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A vulnerability was identified in Lenovo XClarity Administrator (LXCA) where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Unauthenticated User Enumeration" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://support.lenovo.com/us/en/product_security/LEN-16335" } ] }