| CVE ID | Version | Problem Type | Description | Discoverer |
| --- | --- | --- | --- | --- |
| CVE-2022-38768 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to bypass authorization. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38769 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to fetch cleartext passwords upon a successful login request. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38770 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to fetch other users' data upon a successful login request. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38771 | 2.4.6 | SQL Injection | The mobile application allows remote attackers to send SCRIPT tags as injected input to the API request. | Cybersecurity team of the ministry of energy MoEnergy. |