CVE-2022-22572

by Excellium SA

Abstract Advisory Information

A non-admin user with user management permission can gain access to an admin account in all incapptic Connect versions with incapptic Connect user authentication.

Authors: Dominique Righetto from Excellium-services company

Version affected

Name: Incapptic
Versions: All incapptic Connect versions.

Common Vulnerability Scoring System

6.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Patches

version 1.40.2

References

Vulnerability Disclosure Timeline

  • 21/02/2022: Vulnerability discovery
  • 21/02/2022: Vulnerability Report to CERT-XLM
  • 21/02/2022: Vulnerability Report to Vendor
  • 25/02/2022: Vulnerability Report to Vendor
  • 11/03/2022: Vulnerability Report to Vendor
  • 11/03/2022: Acknowledgement from vendor
  • 18/03/2022: Asked Vendor if a patch is planned
  • 21/03/2022: CVE ID assigned CVE-2022-22572
  • 28/03/2022: Security advisory published
