CVE-2017-11706

HIGH

Boozt Fashion <2.3.4 - Info Disclosure

Description

The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site."

Scores

CVSS v3: 7.5
EPSS: 0.0141
EPSS Percentile: 69.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): boozt/boozt < 2.3.3
Published: Jul 28, 2017
Tracked Since: Feb 18, 2026