CVE-2017-2748

HIGH

HP Isaac Mizrahi Smartwatch - Insecure HTTP Login Transaction

Title source: llm
STIX 2.1

Description

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hp.com/us-en/document/c05976868

Scores

CVSS v3 7.5
EPSS 0.0103
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-254
Status published
Products (8)
hp/isaac_mizrahi_smartwatch 1.0.2.10
hp/isaac_mizrahi_smartwatch 1.0.201601214
hp/isaac_mizrahi_smartwatch 1.2.2.12
hp/isaac_mizrahi_smartwatch 1.2.2016040820
hp/isaac_mizrahi_smartwatch 1.3.7
hp/isaac_mizrahi_smartwatch 1.3.2016052319
hp/isaac_mizrahi_smartwatch 1.4.8
hp/isaac_mizrahi_smartwatch 1.4.2016072601
Published Mar 27, 2019
Tracked Since Feb 18, 2026