Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for applock by spsoftmobile

    CVE-2022-1959 (GCVE-0-2022-1959)

    Vulnerability from nvd – Published: 2022-09-30 16:22 – Updated: 2025-05-20 18:31
    VLAI
    Summary
    AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control - Fingerprint
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a AppLock - Fingerprint Affected: 7.9.29
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fluidattacks.com/advisories/walker/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.spsoftmobile.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1959",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T18:30:57.732099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T18:31:08.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AppLock - Fingerprint",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.9.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control - Fingerprint",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-30T16:22:14.000Z",
            "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
            "shortName": "Fluid Attacks"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fluidattacks.com/advisories/walker/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.spsoftmobile.com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "help@fluidattacks.com",
              "ID": "CVE-2022-1959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AppLock - Fingerprint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.9.29"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control - Fingerprint"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fluidattacks.com/advisories/walker/",
                  "refsource": "MISC",
                  "url": "https://fluidattacks.com/advisories/walker/"
                },
                {
                  "name": "https://www.spsoftmobile.com/",
                  "refsource": "MISC",
                  "url": "https://www.spsoftmobile.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "assignerShortName": "Fluid Attacks",
        "cveId": "CVE-2022-1959",
        "datePublished": "2022-09-30T16:22:14.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-20T18:31:08.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1959 (GCVE-0-2022-1959)

    Vulnerability from cvelistv5 – Published: 2022-09-30 16:22 – Updated: 2025-05-20 18:31
    VLAI
    Summary
    AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control - Fingerprint
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a AppLock - Fingerprint Affected: 7.9.29
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fluidattacks.com/advisories/walker/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.spsoftmobile.com/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1959",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T18:30:57.732099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T18:31:08.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AppLock - Fingerprint",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.9.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control - Fingerprint",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-30T16:22:14.000Z",
            "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
            "shortName": "Fluid Attacks"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fluidattacks.com/advisories/walker/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.spsoftmobile.com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "help@fluidattacks.com",
              "ID": "CVE-2022-1959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AppLock - Fingerprint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.9.29"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control - Fingerprint"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fluidattacks.com/advisories/walker/",
                  "refsource": "MISC",
                  "url": "https://fluidattacks.com/advisories/walker/"
                },
                {
                  "name": "https://www.spsoftmobile.com/",
                  "refsource": "MISC",
                  "url": "https://www.spsoftmobile.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "assignerShortName": "Fluid Attacks",
        "cveId": "CVE-2022-1959",
        "datePublished": "2022-09-30T16:22:14.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-20T18:31:08.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }