Improper Access Control Vulnerability in Weather App Allows Unauthorized Access to Location Information

Improper Access Control Vulnerability in Weather App Allows Unauthorized Access to Location Information

CVE-2022-28780 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.

Learn more about our Web Application Penetration Testing UK.