Lucene search

K
cve[email protected]CVE-2022-35221
HistoryAug 02, 2022 - 4:15 p.m.

CVE-2022-35221

2022-08-0216:15:10
CWE-770
web.nvd.nist.gov
29
3
cve-2022-35221
teamplus pro
vulnerability
resource allocation
remote attacker
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

Affected configurations

NVD
Node
teamplusteam\+_proRange3.011.6.0.1private_cloudandroid
OR
teamplusteam\+_proRange3.011.6.0.1private_cloudiphone_os

CNA Affected

[
  {
    "platforms": [
      "Android"
    ],
    "product": "Teamplus Pro",
    "vendor": "TEAMPLUS TECHNOLOGY INC.",
    "versions": [
      {
        "lessThanOrEqual": "3.011.6.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "iOS"
    ],
    "product": "Teamplus Pro",
    "vendor": "TEAMPLUS TECHNOLOGY INC.",
    "versions": [
      {
        "lessThanOrEqual": "3.011.6.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

Related for CVE-2022-35221