Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Static-HTTP file retrieval is network-reachable and unauthenticated (AV:N/PR:N/UI:N/AC:L); impact is plaintext credential disclosure only, so C:H with I:N/A:N; vendor's AV:A is noted as a possible exposure limit.
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This issue has been fixed in version 2.4.18.029
AnalysisAI
Information disclosure in ICU Scandinavia Boomerang (versions prior to 2.4.18.029) lets an unauthenticated attacker retrieve plaintext service-account and SMTP credentials by requesting specific XML configuration files served as static content from the webroot. The exposed credentials enable follow-on compromise of connected mail and service accounts. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the Boomerang web listener and knowledge (or enumeration) of the specific XML file paths under the webroot; no authentication, privileges, or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderate and partially conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with reachability to the Boomerang web server requests a known XML file path under the webroot over plain HTTP and receives the file containing plaintext SMTP and service-account credentials. The attacker then uses those SMTP credentials to send authenticated mail (phishing/spam) and the service-account credentials to pivot into connected systems. … |
| Remediation | Vendor-released patch: upgrade to Boomerang 2.4.18.029, which remediates the exposure. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all Boomerang deployments and confirm version numbers; immediately restrict network access to the webroot and disable serving of XML configuration files if operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. Rated critical severity
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. Rated medium severity (C
Missing authorization on device receiver endpoints in ICU Scandinavia Boomerang exposes facility and quality-assurance i
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44666
GHSA-pc6h-25p2-384f