Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-24387
PUBLISHED
More InfoOfficial Page
Assigner-DIVD
Assigner Org ID-b87402ff-ae37-4194-9dae-31abdbd6f217
View Known Exploited Vulnerability (KEV) details
Published At-14 Mar, 2022 | 12:15
Updated At-11 Mar, 2025 | 13:39
Rejected At-
▼CVE Numbering Authority (CNA)
File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010

Affected Products
Vendor
SmarterTools
Product
SmarterTrack
Versions
Affected
  • From 100.0.8019.x before Build 8075 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Wietse Boonstra (DIVD)
analyst
Finn van der Knaap (DIVD)
analyst
Victor Gevers (DIVD)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://csirt.divd.nl/DIVD-2021-00029
x_refsource_CONFIRM
related
https://csirt.divd.nl/CVE-2022-24387/
x_refsource_CONFIRM
third-party-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
smartertools
Product
smartertrack
CPEs
  • cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 100.0.8019.x before Build_8075 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://csirt.divd.nl/DIVD-2021-00029
x_refsource_CONFIRM
related
x_transferred
https://csrit.divd.nl/CVE-2022-24387
x_refsource_CONFIRM
third-party-advisory
x_transferred
Details not found