CVE-2022-50692

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration Vulnerability

CVSS 6.9 MEDIUMEPSS 0.5%CWE-613

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.9EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

30 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Kantar Media · WM2 SOUND4 Ltd. · BigVoice2 SOUND4 Ltd. · BigVoice4 SOUND4 Ltd. · Impact/Pulse Eco SOUND4 Ltd. · Impact/Pulse/First SOUND4 Ltd. · Stream

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cxsecurity.com/issue/WLB-2022120030 https://exchange.xforce.ibmcloud.com/vulnerabilities/247956 https://packetstormsecurity.com/files/170251/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Insufficient-Session-Expiration.html https://www.sound4.com/https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-insufficient-session-expiration-vulnerability https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5724.php