CVE-2022-0732

Published Feb 24, 2022

Last updated 3 months ago

CVSS high 7.5

Overview

Description: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

cret@cert.org: CWE-284
nvd@nist.gov: CWE-639

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:1byte:copy9:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D05E360-188A-425D-838B-00F69E7E7F3A"
          },
          {
            "criteria": "cpe:2.3:a:1byte:exactspy:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B2F4089-F95D-4976-BAD0-C2BB77881EEF"
          },
          {
            "criteria": "cpe:2.3:a:1byte:fonetracker:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "901179BF-2D7C-4288-95B3-C29CEA9A2C32"
          },
          {
            "criteria": "cpe:2.3:a:1byte:guestspy:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAB57B32-2856-48DC-AE11-865F708C6E98"
          },
          {
            "criteria": "cpe:2.3:a:1byte:ispyoo:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C0C9BBF-DC7D-4AE9-9B4B-3694C3B26DA7"
          },
          {
            "criteria": "cpe:2.3:a:1byte:mxspy:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AE4736C-5109-4981-BBBF-4CE0A2103E43"
          },
          {
            "criteria": "cpe:2.3:a:1byte:secondclone:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F1FDCDB-9239-4B4B-88D5-816AAEFEC45F"
          },
          {
            "criteria": "cpe:2.3:a:1byte:the_truth_spy:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC7496EC-73B0-4AF7-A28C-CD1403CDF1D4"
          },
          {
            "criteria": "cpe:2.3:a:1byte:thespyapp:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBF2ECC0-C54A-4EB1-A23C-B2E327BC29FB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References