Lucene search

TwcertCVELIST:CVE-2022-32958

HistoryJul 20, 2022 - 2:01 a.m.

CVE-2022-32958 TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling

2022-07-2002:01:55

CWE-770

twcert

www.cve.org

teamplus pro

resource allocation

vulnerability

remote attack

message size limit

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.

CNA Affected

[
  {
    "platforms": [
      "Android"
    ],
    "product": "Teamplus Pro (Private cloud)",
    "vendor": "TEAMPLUS TECHNOLOGY INC.",
    "versions": [
      {
        "lessThanOrEqual": "3.011.6.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "iOS"
    ],
    "product": "Teamplus Pro (Private cloud)",
    "vendor": "TEAMPLUS TECHNOLOGY INC.",
    "versions": [
      {
        "lessThanOrEqual": "3.011.6.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6289-a5524-1.html

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

Related for CVELIST:CVE-2022-32958