The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
[
{
"product": "Copy9",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "FoneTracker",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "iSpyoo",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "GuestSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "TheSpyApp",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "ExactSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "SecondClone",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "The Truth Spy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "MxSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]