CVE-2022-24387

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
DIVDCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
smartertoolssmartertrack
100.0.8019 ≤
𝑥
< 100.0.8075
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://csirt.divd.nl/CVE-2022-24387/
https://csirt.divd.nl/DIVD-2021-00029
https://csirt.divd.nl/DIVD-2021-00029
https://csrit.divd.nl/CVE-2022-24387