Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
CVE-2022-24385

6.5MEDIUM

Key Information:

Vendor: Smartertools
Status: Smartertrack
Vendor: CVE Published:; 14 March 2022

What is CVE-2022-24385?

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.

Affected Version(s)

SmarterTrack 100.x

References

https://csirt.divd.nl/DIVD-2021-00029

x_refsource_CONFIRMrelated

https://csirt.divd.nl/CVE-2022-24385

x_refsource_CONFIRMthird-party-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2022
Vulnerability Reserved
Feb 3, 2022

Credit

Discovered by Wietse Boonstra of DIVD