Lucene search
CertccCVELIST:CVE-2022-0732HistoryFeb 24, 2022 - 4:10 p.m.
CVE-2022-0732
2022-02-2416:10:11
CWE-284
certcc
www.cve.org
8
backend
idor vulnerability
infrastructure
api requests
authentication
authorization
mobile device monitoring services
EPSS
0.002
Percentile
51.4%
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
CNA Affected
[
{
"product": "Copy9",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "FoneTracker",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "iSpyoo",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "GuestSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "TheSpyApp",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "ExactSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "SecondClone",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "The Truth Spy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "MxSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
cve
cve
CVE-2022-0732
2022-02-24 16:15:08
malwarebytes
malwarebytes
TheTruthSpy stalkerware, still insecure, still leaking data
2024-02-13 16:51:29
nvd
nvd
CVE-2022-0732
2022-02-24 16:15:08
talosblog
talosblog
Why the toothbrush DDoS story fooled us all
2024-02-15 19:00:43
cert
cert
Mobile device monitoring services do not authenticate API requests
2022-02-22 00:00:00
prion
prion
Design/Logic Flaw
2022-02-24 16:15:00
ics
ics
Preventing Web Application Access Control Abuse
2023-07-27 12:00:00