ICU Scandinavia Boomerang
- < 2.4.18.029
A vulnerability in ICU Scandinavia Boomerang allows for information disclosure by exposing sensitive credential files via static HTTP. This flaw affects all versions prior to 2.4.18.029. An unauthenticated remote attacker can retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot.
Exploitation of this vulnerability leads to unauthorized access to sensitive credentials, including service account and SMTP details, which are exposed in plaintext.
Users can upgrade to version 2.4.18.029 to address this vulnerability.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.