CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
References
Link Resource
https://kb.cert.org/vuls/id/229438 Third Party Advisory US Government Resource
https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/ Press/Media Coverage Third Party Advisory
https://cwe.mitre.org/data/definitions/284.html Not Applicable
https://www.kb.cert.org/vuls/id/229438 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:1byte:copy9:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:fonetracker:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:ispyoo:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:guestspy:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:thespyapp:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:secondclone:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:the_truth_spy:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:mxspy:-:*:*:*:*:*:*:*
cpe:2.3:a:1byte:exactspy:-:*:*:*:*:*:*:*

Information

Published : 2022-02-24 04:15

Updated : 2022-03-08 03:54


NVD link : CVE-2022-0732

Mitre link : CVE-2022-0732

Products Affected
No products.
CWE