cvedb.io
CVE-2022-3589
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2022-11-21T10:15:31.437 · Last modified 2026-06-17T04:59:48.080

Summary

An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability.

Affected products

miele — appwash

Does this affect you?

Add your gear to cvedb and we'll alert you only when miele ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.