CVE-2022-0732
N/A
N/A
Summary
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| 1Byte | Copy9 | All | affected |
| 1Byte | FoneTracker | All | affected |
| 1Byte | iSpyoo | All | affected |
| 1Byte | GuestSpy | All | affected |
| 1Byte | TheSpyApp | All | affected |
| 1Byte | ExactSpy | All | affected |
| 1Byte | SecondClone | All | affected |
| 1Byte | The Truth Spy | All | affected |
| 1Byte | MxSpy | All | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/229438
- https://cwe.mitre.org/data/definitions/284.html
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://kb.cert.org/vuls/id/229438
References
- https://www.kb.cert.org/vuls/id/229438
- https://cwe.mitre.org/data/definitions/284.html
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://kb.cert.org/vuls/id/229438
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.