The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/284.html | Not Applicable |
https://kb.cert.org/vuls/id/229438 | Third Party Advisory US Government Resource |
https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/ | Press/Media Coverage Third Party Advisory |
https://www.kb.cert.org/vuls/id/229438 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
27 Jun 2023, 18:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 |
08 Mar 2022, 15:54
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
1byte ispyoo
1byte copy9 1byte mxspy 1byte the Truth Spy 1byte secondclone 1byte exactspy 1byte thespyapp 1byte fonetracker 1byte guestspy 1byte |
|
References | (CERT-VN) https://kb.cert.org/vuls/id/229438 - Third Party Advisory, US Government Resource | |
References | (CERT-VN) https://www.kb.cert.org/vuls/id/229438 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/ - Press/Media Coverage, Third Party Advisory | |
References | (MISC) https://cwe.mitre.org/data/definitions/284.html - Not Applicable | |
CPE | cpe:2.3:a:1byte:secondclone:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:fonetracker:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:ispyoo:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:the_truth_spy:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:thespyapp:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:guestspy:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:copy9:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:exactspy:-:*:*:*:*:*:*:* cpe:2.3:a:1byte:mxspy:-:*:*:*:*:*:*:* |
25 Feb 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Feb 2022, 16:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0732
Mitre link : CVE-2022-0732
CVE.ORG link : CVE-2022-0732
JSON object : View
Products Affected
1byte
- mxspy
- thespyapp
- secondclone
- the_truth_spy
- guestspy
- copy9
- fonetracker
- exactspy
- ispyoo