CVE-2022-0732

{"id": "CVE-2022-0732", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-24T16:15:08.070", "references": [{"url": "https://cwe.mitre.org/data/definitions/284.html", "tags": ["Not Applicable"], "source": "cret@cert.org"}, {"url": "https://kb.cert.org/vuls/id/229438", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/", "tags": ["Press/Media Coverage", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/229438", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}, {"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability."}, {"lang": "es", "value": "La infraestructura de backend compartida por m\u00faltiples servicios de monitorizaci\u00f3n de dispositivos m\u00f3viles no autentica o autoriza apropiadamente las peticiones de la API, creando una vulnerabilidad IDOR (Insecure Direct Object Reference)"}], "lastModified": "2023-06-27T18:11:52.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:1byte:copy9:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D05E360-188A-425D-838B-00F69E7E7F3A"}, {"criteria": "cpe:2.3:a:1byte:exactspy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B2F4089-F95D-4976-BAD0-C2BB77881EEF"}, {"criteria": "cpe:2.3:a:1byte:fonetracker:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901179BF-2D7C-4288-95B3-C29CEA9A2C32"}, {"criteria": "cpe:2.3:a:1byte:guestspy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAB57B32-2856-48DC-AE11-865F708C6E98"}, {"criteria": "cpe:2.3:a:1byte:ispyoo:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0C9BBF-DC7D-4AE9-9B4B-3694C3B26DA7"}, {"criteria": "cpe:2.3:a:1byte:mxspy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE4736C-5109-4981-BBBF-4CE0A2103E43"}, {"criteria": "cpe:2.3:a:1byte:secondclone:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F1FDCDB-9239-4B4B-88D5-816AAEFEC45F"}, {"criteria": "cpe:2.3:a:1byte:the_truth_spy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC7496EC-73B0-4AF7-A28C-CD1403CDF1D4"}, {"criteria": "cpe:2.3:a:1byte:thespyapp:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBF2ECC0-C54A-4EB1-A23C-B2E327BC29FB"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}