← Back

CVE-2022-0732

nvd nist
Published: Feb 24, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.

Affected (9)

1byte
9 products
Copy9
Exactspy
Fonetracker
Guestspy
Ispyoo
Mxspy
Secondclone
The Truth Spy
Thespyapp
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Copy9
All versions
Exactspy
All versions
Fonetracker
All versions
Guestspy
All versions
Ispyoo
All versions
Mxspy
All versions
Secondclone
All versions
The Truth Spy
All versions
Thespyapp
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (8)

Source: cret@cert.org
Not Applicable
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Press/Media CoverageThird Party Advisory
Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.