CVE-2022-50788
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SOUND4 Ltd. | Impact/Pulse/First | Version 2: 1.1/2.15 | affected |
| SOUND4 Ltd. | Impact/Pulse Eco | 1.16 | affected |
| SOUND4 Ltd. | BigVoice4 | 1.2 | affected |
| SOUND4 Ltd. | BigVoice2 | 1.30 | affected |
| SOUND4 Ltd. | Stream | 1.1/2.4.29 | affected |
| Kantar Media | WM2 | 1.11 | affected |
Weaknesses
- CWE-548: Exposure of Information Through Directory Listing
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php
- https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247921
- https://www.sound4.com/
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-information-disclosure-via-log-directory
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.