PT-2022-15535 · Unknown · Incapptic Connect
Dominique Righetto · Published 2022-04-11 · Updated 2023-08-08
CVE-2022-22572
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Incapptic Connect versions prior to 1.40.1
Description
A non-admin user with user management permission can escalate their privilege to an admin user via the password reset functionality.
Recommendations
For versions prior to 1.40.1, update to version 1.40.1 or later to resolve the issue. As a temporary workaround, consider restricting the user management permission to prevent non-admin users from exploiting the password reset functionality.
Fix
Related Identifiers
Affected Products
Incapptic Connect