What the vulnerability does
01Description
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
CVSS base score
—
Key dates
02Disclosure timeline
February 24, 2022
CVE published
September 16, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2019-10166
CVE-2026-2850 yeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access control
CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability
CVE-2025-3398 lenve VBlog WebSecurityConfig.java configure access control
