CVE-2022-46081

2023-01-0400:00:00

mitre

www.cve.org

garmin

connect

livetrack

api

vulnerability

personal information

0.002 Low

EPSS

Percentile

51.4%

JSON

In Garmin Connect 4.61, terminating a LiveTrack session wouldn’t prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product.

References

www.samwallace.dev/research/Harvesting%20Emails%20with%20Expired%20Garmin%20LiveTrack%20Sessions

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVELIST:CVE-2022-46081