CVE-2022-22572

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Ivanti Incapptic Connect
Vendor: CVE Published:; 11 April 2022

Summary

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.

Affected Version(s)

Ivanti Incapptic Connect 1.40.2

References

https://excellium-services.com/cert-xlm-advisory/cve-2022...

x_refsource_MISC

https://forums.ivanti.com/s/article/Security-Advisory-for...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Jan 4, 2022

Collectors

NVD DatabaseMitre Database