Potential theft of credentials and UI hijack
Source: HP, HP Product Security Response Team (PSRT)
Reported by: Jerry Decime
A potential security vulnerability caused by the use of unsecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
VULNERABILITY SUMMARY
Reference
|
Base vector
|
Base score
|
CVE-2017-2748
|
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
5.3
|
PI
|
HP Printing and Imaging
|
HF
|
HP Hardware and Firmware
|
GN
|
HP General Software
|