Lucene search
CertccCVELIST:CVE-2022-0732HistoryFeb 22, 2022 - 12:00 a.m.
CVE-2022-0732
2022-02-2200:00:00
CWE-284
certcc
www.cve.org
3
0.002 Low
EPSS
Percentile
51.4%
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
CNA Affected
[
{
"product": "Copy9",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "FoneTracker",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "iSpyoo",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "GuestSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "TheSpyApp",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "ExactSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "SecondClone",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "The Truth Spy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"product": "MxSpy",
"vendor": "1Byte",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
malwarebytes
malwarebytes
TheTruthSpy stalkerware, still insecure, still leaking data
2024-02-13 16:51:29
nvd
nvd
CVE-2022-0732
2022-02-24 16:15:08
cve
cve
CVE-2022-0732
2022-02-24 16:15:08
cert
cert
Mobile device monitoring services do not authenticate API requests
2022-02-22 00:00:00
talosblog
talosblog
Why the toothbrush DDoS story fooled us all
2024-02-15 19:00:43
prion
prion
Design/Logic Flaw
2022-02-24 16:15:00
ics
ics
Preventing Web Application Access Control Abuse
2023-07-27 12:00:00