CVE-2017-2748 - OpenCVE

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Isaac Mizrahi Smartwatch

Configuration 1 [-]

OR	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.2.10:::::iphone_os::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.201601214:::::android::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2.12:::::iphone_os::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2016040820:::::android::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.7:::::iphone_os::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.2016052319:::::android::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.8:::::iphone_os::
	cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.2016072601:::::android::

No data.

References

Link	Providers
https://support.hp.com/us-en/document/c05976868

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2019-03-27T16:01:47

Updated: 2024-08-05T14:02:07.706Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2748

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-27T17:29:00.340

Modified: 2019-03-29T16:39:28.373

Link: CVE-2017-2748

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Isaac Mizrahi Smartwatch Mobile App", "vendor": "Isaac Mizrahi", "versions": [{"status": "affected", "version": "Isaac Mizrahi iOS app versions 1.0.2.10"}, {"status": "affected", "version": "1.2.2.12"}, {"status": "affected", "version": "1.3.7"}, {"status": "affected", "version": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214"}, {"status": "affected", "version": "1.2.2016040820"}, {"status": "affected", "version": "1.3.2016052319"}, {"status": "affected", "version": "1.4.2016072601"}]}], "datePublic": "2018-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."}], "problemTypes": [{"descriptions": [{"description": "Insecure HTTP during login.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-27T16:01:47", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hp.com/us-en/document/c05976868"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2017-2748", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Isaac Mizrahi Smartwatch Mobile App", "version": {"version_data": [{"version_value": "Isaac Mizrahi iOS app versions 1.0.2.10"}, {"version_value": "1.2.2.12"}, {"version_value": "1.3.7"}, {"version_value": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214"}, {"version_value": "1.2.2016040820"}, {"version_value": "1.3.2016052319"}, {"version_value": "1.4.2016072601"}]}}]}, "vendor_name": "Isaac Mizrahi"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure HTTP during login."}]}]}, "references": {"reference_data": [{"name": "https://support.hp.com/us-en/document/c05976868", "refsource": "CONFIRM", "url": "https://support.hp.com/us-en/document/c05976868"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.706Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hp.com/us-en/document/c05976868"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2017-2748", "datePublished": "2019-03-27T16:01:47", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.706Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.2.10:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "8E7F98E9-9344-4060-BE90-87A3F2408179", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.0.201601214:*:*:*:*:android:*:*", "matchCriteriaId": "6F08A4CF-6D1C-41AA-9AD4-10D5F118A182", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2.12:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "A1E5459D-772C-4B54-83D2-C3AE39792606", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.2.2016040820:*:*:*:*:android:*:*", "matchCriteriaId": "5C183EB0-D056-47CA-9B1A-682EFE538B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.7:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "C640A169-5D67-4C34-B547-8A3A46691FD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.3.2016052319:*:*:*:*:android:*:*", "matchCriteriaId": "84ACB156-7F29-4CD3-971C-DD021EF4CE77", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.8:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "B617851A-688C-420D-8FB1-227CCF51CEF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:isaac_mizrahi_smartwatch:1.4.2016072601:*:*:*:*:android:*:*", "matchCriteriaId": "1B913ED9-0864-4DDF-86A7-160C4CFDEAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."}, {"lang": "es", "value": "Se ha identificado una potencial vulnerabilidad de seguridad provocada por el uso de transacciones inseguras (http) durante el inicio de sesi\u00f3n en versiones antiguas de la aplicaci\u00f3n m\u00f3vil \"Smartwatch\", de Isaac Mizrahi. HP no tiene acceso a los datos del cliente como consecuencia de este problema."}], "id": "CVE-2017-2748", "lastModified": "2019-03-29T16:39:28.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-27T17:29:00.340", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hp.com/us-en/document/c05976868"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}