Vulnerability Details CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cwe.mitre.org/data/definitions/284.html
- https://kb.cert.org/vuls/id/229438
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://www.kb.cert.org/vuls/id/229438
- https://cwe.mitre.org/data/definitions/284.html
- https://kb.cert.org/vuls/id/229438
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://www.kb.cert.org/vuls/id/229438
Products affected by CVE-2022-0732
-
cpe:2.3:a:1byte:copy9:-
-
cpe:2.3:a:1byte:exactspy:-
-
cpe:2.3:a:1byte:fonetracker:-
-
cpe:2.3:a:1byte:guestspy:-
-
cpe:2.3:a:1byte:ispyoo:-
-
cpe:2.3:a:1byte:mxspy:-
-
cpe:2.3:a:1byte:secondclone:-
-
cpe:2.3:a:1byte:the_truth_spy:-
-
cpe:2.3:a:1byte:thespyapp:-