CVE-2022-24387
CRITICAL
SmarterTrack <100.0.8019.14010 - Privilege Escalation
Title source: llm
Description
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
References (3)
Core References
Various Sources
https://csrit.divd.nl/CVE-2022-24387
Third Party Advisory, VDB Entry x_refsource_confirm
related
https://csirt.divd.nl/DIVD-2021-00029
Various Sources x_refsource_confirm
third-party-advisory
https://csirt.divd.nl/CVE-2022-24387/
Scores
CVSS v3
9.1
EPSS
0.0061
EPSS Percentile
69.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (2)
smartertools/smartertrack
100.0.8019 - 100.0.8075
SmarterTools/SmarterTrack
100.0.8019.x - Build 8075
Published
Mar 14, 2022
Tracked Since
Feb 18, 2026