Incapptic Connect
CVE-2022-22572
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.
AnalysisAI
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. Affected products include: Ivanti Incapptic Connect.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Incapptic Connect
View allA user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connec
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic conn
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today