Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2748

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-27 Mar, 2019 | 16:01
Updated At-05 Aug, 2024 | 14:02
Rejected At-
Credits

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:27 Mar, 2019 | 16:01
Updated At:05 Aug, 2024 | 14:02
Rejected At:
▼CVE Numbering Authority (CNA)

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

Affected Products
Vendor
Isaac Mizrahi
Product
Isaac Mizrahi Smartwatch Mobile App
Versions
Affected
  • Isaac Mizrahi iOS app versions 1.0.2.10
  • 1.2.2.12
  • 1.3.7
  • and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214
  • 1.2.2016040820
  • 1.3.2016052319
  • 1.4.2016072601
Problem Types
TypeCWE IDDescription
textN/AInsecure HTTP during login.
Type: text
CWE ID: N/A
Description: Insecure HTTP during login.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/c05976868
x_refsource_CONFIRM
Hyperlink: https://support.hp.com/us-en/document/c05976868
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/c05976868
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.hp.com/us-en/document/c05976868
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:27 Mar, 2019 | 17:29
Updated At:29 Mar, 2019 | 16:39

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.0.2.10
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.2.10:*:*:*:*:iphone_os:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.0.201601214
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.201601214:*:*:*:*:android:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.2.2.12
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2.12:*:*:*:*:iphone_os:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.2.2016040820
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2016040820:*:*:*:*:android:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.3.7
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.7:*:*:*:*:iphone_os:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.3.2016052319
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.2016052319:*:*:*:*:android:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.4.8
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.8:*:*:*:*:iphone_os:*:*
HP Inc.
hp
>>isaac_mizrahi_smartwatch>>1.4.2016072601
cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.2016072601:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-254Primarynvd@nist.gov
CWE ID: CWE-254
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/c05976868hp-security-alert@hp.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/c05976868
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

116Records found
CVE-2021-29722
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.05%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2013-4817
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 70.82%
||
7 Day CHG~0.00%
Published-23 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-icewall_sso_agent_optionn/a
CVE-2021-26586
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.24%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:40
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).

Action-Not Available
Vendor-n/aHP Inc.
Product-edgeline_infrastructure_managementHPE Edgeline Infrastructure Management Software
CVE-2021-20373
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.65%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CVE-2012-3248
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.69% / 70.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-fortify_software_security_centern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2017-2752
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-2.1||LOW
EPSS-0.11% / 29.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 16:14
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.

Action-Not Available
Vendor-Tommy HilfigerHP Inc.
Product-tommy_hilfiger_th24\/7Tommy Hilfiger TH24/7 Android app
CWE ID-CWE-254
Not Available
CVE-2016-9071
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 63.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-254
Not Available
CVE-2016-0332
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.08%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_identity_manager_virtual_appliancen/a
CWE ID-CWE-254
Not Available
CVE-2014-1428
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-2||LOW
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uuid.uuid1() is not suitable as an unguessable identifier/token

A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.

Action-Not Available
Vendor-Canonical Ltd.Ubuntu
Product-metal_as_a_serviceMAAS
CWE ID-CWE-254
Not Available
CVE-2016-9900
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-254
Not Available
CVE-2019-5495
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.02%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 19:12
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-NetApp, Inc.
Product-oncommand_unified_managerOnCommand Unified Manager for VMware vSphere,Linux and Windows 7.2 and above
CWE ID-CWE-254
Not Available
CVE-2019-10059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.68%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:28
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-254
Not Available
CVE-2018-0353
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.83%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 12:00
Updated-29 Nov, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-web_security_applianceCisco Web Security Appliance unknown
CWE ID-CWE-254
Not Available
CVE-2017-8227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.01%
||
7 Day CHG-0.12%
Published-03 Jul, 2019 | 19:33
Updated-05 Aug, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value "Sender not authorized."

Action-Not Available
Vendor-n/aAmcrest Industries LLC.
Product-ipm-721sipm-721s_firmwaren/a
CWE ID-CWE-254
Not Available
CVE-2017-18476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 12:46
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-254
Not Available
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found