CVE-2022-22571

4.8MEDIUM

Key Information:

Vendor: Ivanti
Status: Ivanti Incapptic Connect
Vendor: CVE Published:; 11 April 2022

Summary

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.

Affected Version(s)

Ivanti Incapptic Connect A workaround has been published to fix this issue

References

https://forums.ivanti.com/s/article/Security-Advisory-for...

x_refsource_MISC

https://excellium-services.com/cert-xlm-advisory/cve-2022...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Jan 4, 2022

Collectors

NVD DatabaseMitre Database