RSS   Vulnerabilities for 'Incapptic connect'   RSS

2022-04-11
 
CVE-2022-22571

CWE-79
 

 
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.

 
 
CVE-2022-22572

CWE-269
 

 
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.

 

 >>> Vendor: Ivanti 12 Products
Endpoint manager
Endpoint security
Workspace control
Landesk management suite
Avalanche
Desktop\&server management
Service manager heat remote control
Dsm netinst
Endpoint manager cloud services appliance
Service manager
Dsm remote
Incapptic connect


Copyright 2022, cxsecurity.com

 

Back to Top