CVE-2022-21828
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/03/2022
Last modified:
21/03/2022
Description
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ivanti:incapptic_connect:1.35.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.35.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.35.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.36.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.37.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.37.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.38.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.38.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.39.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.39.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:incapptic_connect:1.40.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page