CVE-2022-22572 | Cyber Solutions By Thales

Abstract Advisory Information

A non-admin user with user management permission can gain access to an admin account in all incapptic Connect versions with incapptic Connect user authentication.

Author: Dominique Righetto

Version affected

Name: Incapptic

Versions: All incapptic Connect versions.

Common Vulnerability Scoring System

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Patches

Version 1.40.2

References

https://forums.ivanti.com/s/article/Security-Advisory-for-incapptic-Connect-SA-2022-03-10?language=en_US
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22572

Vulnerability Disclosure Timeline

21/02/2022: Vulnerability discovery
21/02/2022: Vulnerability Report to CERT-XLM
21/02/2022: Vulnerability Report to Vendor
25/02/2022: Vulnerability Report to Vendor
11/03/2022: Vulnerability Report to Vendor
11/03/2022: Acknowledge from vendor
18/03/2022: Asked Vendor if a patch is planned
21/03/2022: CVE ID assigned CVE-2022-22572
28/03/2022: Security advisory published