Abstract Advisory Information
A non-admin user with user management permission can gain access to an admin account in all incapptic Connect versions with incapptic Connect user authentication.
Authors: Dominique Righetto from Excellium-services company
Versions: All incapptic Connect versions.
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 21/02/2022: Vulnerability discovery
- 21/02/2022: Vulnerability Report to CERT-XLM
- 21/02/2022: Vulnerability Report to Vendor
- 25/02/2022: Vulnerability Report to Vendor
- 11/03/2022: Vulnerability Report to Vendor
- 11/03/2022: Acknowledge from vendor
- 18/03/2022: Asked Vendor if a patch is planned
- 21/03/2022: CVE ID assigned CVE-2022-22572
- 28/03/2022: Security advisory published
Find more vulnerabilities in our Security Advisory section.