Vulnerabilities > CVE-2022-26629 - Incorrect Authorization vulnerability in Splus Soroushplus 1.0.30

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

splus

CWE-863

critical

NVD

Published: 2022-03-24

Updated: 2024-11-21

Summary

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.

Vulnerable Configurations

Part	Description	Count
Application	Splus Splus Soroushplus 1.0.30	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/sysenter-eip/CVE-2022-26629
https://github.com/sysenter-eip/CVE-2022-26629