PT-2022-19228 · Weather · Weather
Published
2022-05-03
·
Updated
2022-05-11
·
CVE-2022-28780
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Weather versions prior to SMR May-2022 Release 1
Description
The issue concerns an improper access control vulnerability that allows attackers to access location information set in Weather without permission. This vulnerability can be exploited to gain unauthorized access to sensitive data. The patch for this issue adds proper protection to prevent access to location information.
Recommendations
For versions prior to SMR May-2022 Release 1, update to the SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to location information in the Weather application until the patch is applied.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Weather