CVE-2022-50788

Summary

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.

Affected Software

VendorProductVersion RangeStatus
SOUND4 Ltd.Impact/Pulse/FirstVersion 2: 1.1/2.15affected
SOUND4 Ltd.Impact/Pulse Eco1.16affected
SOUND4 Ltd.BigVoice41.2affected
SOUND4 Ltd.BigVoice21.30affected
SOUND4 Ltd.Stream1.1/2.4.29affected
Kantar MediaWM21.11affected

Weaknesses

  • CWE-548: Exposure of Information Through Directory Listing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References