Skip to main content

Incapptic Connect

3 CVEs product

Monthly

CVE-2022-22572 HIGH This Week

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Incapptic Connect
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-22571 MEDIUM This Month

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Incapptic Connect
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2022-21828 HIGH POC This Week

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Incapptic Connect
NVD
CVSS 3.1
7.2
EPSS
3.7%
EPSS 2% CVSS 8.8
HIGH This Week

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Incapptic Connect
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Incapptic Connect
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Incapptic Connect
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy