CVE-2022-24385

Information disclosure via direct object access on SmarterTrack v100.0.8019.14010

CVE

CVE-2022-24385

Title

Information disclosure via direct object access on SmarterTrack v100.0.8019.14010

Case

DIVD-2021-00029

Credits

Discovered by Wietse Boonstra of DIVD ()

Affected products

Product	Affected	Unaffected	Unknown
SmarterTools SmarterTrack	>= 100.x to < Build 8075 (custom)
SmarterTools SmarterTrack

CVSS

References

https://csirt.divd.nl/DIVD-2021-00029 ( x_refsource_CONFIRM, related )
https://csirt.divd.nl/CVE-2022-24385 ( x_refsource_CONFIRM, third-party-advisory )

Problem type(s)

CWE-425 Direct Request (Forced Browsing)

Date published

11 Mar 2022 00:00 CET

Last modified

20 Jun 2024 12:59 UTC

Description

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.

JSON version.

DIVD CSIRT

CVE-2022-24385

Information disclosure via direct object access on SmarterTrack v100.0.8019.14010

Description