ICU Scandinavia Boomerang Information Disclosure Vulnerability

Vulnerability

A vulnerability in ICU Scandinavia Boomerang allows for information disclosure by exposing sensitive credential files via static HTTP. This flaw affects all versions prior to 2.4.18.029. An unauthenticated remote attacker can retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive credentials, including service account and SMTP details, which are exposed in plaintext.

Remediation

Users can upgrade to version 2.4.18.029 to address this vulnerability.

Added: Jul 15, 2026, 1:58 PM
Updated: Jul 15, 2026, 1:58 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
7.4
remediation
0.0
relevance
9.7
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.