CVE-2022-0732

EPSS 2.5%CWE-284

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Feb 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.

Affected products

1Byte · Copy9 1Byte · ExactSpy 1Byte · FoneTracker 1Byte · GuestSpy 1Byte · iSpyoo 1Byte · MxSpy 1Byte · SecondClone 1Byte · TheSpyApp 1Byte · The Truth Spy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cwe.mitre.org/data/definitions/284.html https://kb.cert.org/vuls/id/229438 https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/https://www.kb.cert.org/vuls/id/229438