CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22572
https://notcve.org/view.php?id=CVE-2022-22572
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. Un usuario no administrador con permiso de administración de usuarios puede escalar su privilegio a usuario administrador por medio de la funcionalidad de restablecimiento de contraseña. La vulnerabilidad afecta a Incapptic Connect versiones anteriores a 1.40.1 • https://excellium-services.com/cert-xlm-advisory/cve-2022-22572 https://forums.ivanti.com/s/article/Security-Advisory-for-incapptic-Connect-SA-2022-03-10?language=en_US •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22571
https://notcve.org/view.php?id=CVE-2022-22571
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. Un usuario autenticado con altos privilegios puede llevar a cabo un ataque de tipo XSS almacenado debido a una codificación de salida incorrecta en Incapptic connect y afecta a todas las versiones actuales • https://excellium-services.com/cert-xlm-advisory/cve-2022-22571 https://forums.ivanti.com/s/article/Security-Advisory-for-incapptic-Connect-SA-2022-03-11?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2022-21828
https://notcve.org/view.php?id=CVE-2022-21828
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. Un usuario con acceso de alto privilegio a la consola web de Incapptic Connect puede ejecutar código de forma remota en el servidor de Incapptic Connect usando un vector de ataque no especificado en las versiones de Incapptic Connect versiones 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 y 1.35.3 • https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US • CWE-502: Deserialization of Untrusted Data •