6 vulnerabilities by teamplus
CVE-2024-9923 (GCVE-0-2024-9923)
Vulnerability from cvelistv5 – Published: 2024-10-14 03:17 – Updated: 2024-10-15 18:16
Title
TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal
Summary
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8128-772aa-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8129-00002-2.html | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| teamplus technology | team+ | Affected: 13.5.* | |
Date Public
2024-10-14 03:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:15:38.562340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:16:10.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "team+",
"vendor": "teamplus technology",
"versions": [
{
"status": "affected",
"version": "13.5.*"
}
]
}
],
"datePublic": "2024-10-14T03:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.\u003c/span\u003e"
}
],
"value": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T03:17:07.360Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8128-772aa-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8129-00002-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version v14.0.0 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to version v14.0.0 or later."
}
],
"source": {
"advisory": "TVN-202410003",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-9923",
"datePublished": "2024-10-14T03:17:07.360Z",
"dateReserved": "2024-10-14T02:10:16.720Z",
"dateUpdated": "2024-10-15T18:16:10.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9922 (GCVE-0-2024-9922)
Vulnerability from cvelistv5 – Published: 2024-10-14 02:55 – Updated: 2024-10-15 18:20
Title
TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Read through Path Traversal
Summary
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8127-41699-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| teamplus technology | team+ | Affected: 13.5.* | |
| teamplus | team\+ | Affected: 13.5, < 14.0.0 (custom); `cpe:2.3:a:teamplus:team\+:*:*:*:*:*:*:*:*` | |
Date Public
2024-10-14 02:52
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teamplus:team\\+:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "team\\+",
"vendor": "teamplus",
"versions": [
{
"lessThan": "14.0.0",
"status": "affected",
"version": "13.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:16:59.739592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:20:33.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "team+",
"vendor": "teamplus technology",
"versions": [
{
"status": "affected",
"version": "13.5.*"
}
]
}
],
"datePublic": "2024-10-14T02:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.\u003c/span\u003e"
}
],
"value": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T02:55:01.325Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8127-41699-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; Update to version v14.0.0 or later."
}
],
"value": "Update to version v14.0.0 or later."
}
],
"source": {
"advisory": "TVN-202410002",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Read through Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-9922",
"datePublished": "2024-10-14T02:55:01.325Z",
"dateReserved": "2024-10-14T02:10:15.245Z",
"dateUpdated": "2024-10-15T18:20:33.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9921 (GCVE-0-2024-9921)
Vulnerability from cvelistv5 – Published: 2024-10-14 02:48 – Updated: 2024-10-15 18:21
Title
TEAMPLUS TECHNOLOGY Team+ - SQL Injection
Summary
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8125-4a1ad-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| teamplus technology | team+ | Affected: 13.5.* | |
| teamplus | team\+ | Affected: 13.5, < 14.0.0 (custom); `cpe:2.3:a:teamplus:team\+:*:*:*:*:*:*:*:*` | |
Date Public
2024-10-14 02:48
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teamplus:team\\+:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "team\\+",
"vendor": "teamplus",
"versions": [
{
"lessThan": "14.0.0",
"status": "affected",
"version": "13.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:21:11.341785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:21:58.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "team+",
"vendor": "teamplus technology",
"versions": [
{
"status": "affected",
"version": "13.5.*"
}
]
}
],
"datePublic": "2024-10-14T02:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents."
}
],
"value": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T02:48:52.207Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8125-4a1ad-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; Update to version v14.0.0 or later."
}
],
"value": "Update to version v14.0.0 or later."
}
],
"source": {
"advisory": "TVN-202410001",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY Team+ - SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-9921",
"datePublished": "2024-10-14T02:48:52.207Z",
"dateReserved": "2024-10-14T02:10:13.660Z",
"dateUpdated": "2024-10-15T18:21:58.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35221 (GCVE-0-2022-35221)
Vulnerability from cvelistv5 – Published: 2022-08-02 15:20 – Updated: 2024-09-16 22:55
Title
TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2
Summary
The Teamplus Pro community discussion feature has an ‘allocation of resources without limits or throttling’ vulnerability in the thread subject field. A remote attacker with general user privileges who posts a thread subject with large content can cause the server to allocate too much memory, leading to partially missing post content and partial service disruption.
Severity
5.4 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TEAMPLUS TECHNOLOGY INC. | Teamplus Pro | Affected: unspecified, ≤ 3.011.6.0.1 (custom) | |
Date Public
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Android"
],
"product": "Teamplus Pro",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"iOS"
],
"product": "Teamplus Pro",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:20:44.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from TEAMPLUS."
}
],
"source": {
"advisory": "TVN-202207005",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T07:05:00.000Z",
"ID": "CVE-2022-35221",
"STATE": "PUBLIC",
"TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamplus Pro",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
},
{
"platform": "iOS",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
}
]
}
}
]
},
"vendor_name": "TEAMPLUS TECHNOLOGY INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from TEAMPLUS."
}
],
"source": {
"advisory": "TVN-202207005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35221",
"datePublished": "2022-08-02T15:20:44.721Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:55:47.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35220 (GCVE-0-2022-35220)
Vulnerability from cvelistv5 – Published: 2022-08-02 15:20 – Updated: 2024-09-17 03:33
Title
TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1
Summary
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.
Severity
7.7 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TEAMPLUS TECHNOLOGY INC. | Teamplus Pro | Affected: unspecified, ≤ 3.011.6.0.1 (custom) | |
Date Public
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Android"
],
"product": "Teamplus Pro",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"iOS"
],
"product": "Teamplus Pro",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Teamplus Pro community discussion function has an \u2018allocation of resource without limits or throttling\u2019 vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client\u2019s Teamplus Pro application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:20:32.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact tech support from TEAMPLUS."
}
],
"source": {
"advisory": "TVN-202207004",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T07:05:00.000Z",
"ID": "CVE-2022-35220",
"STATE": "PUBLIC",
"TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamplus Pro",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
},
{
"platform": "iOS",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
}
]
}
}
]
},
"vendor_name": "TEAMPLUS TECHNOLOGY INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teamplus Pro community discussion function has an \u2018allocation of resource without limits or throttling\u2019 vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client\u2019s Teamplus Pro application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact tech support from TEAMPLUS."
}
],
"source": {
"advisory": "TVN-202207004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35220",
"datePublished": "2022-08-02T15:20:32.031Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:33:42.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32958 (GCVE-0-2022-32958)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:01 – Updated: 2024-09-17 04:05
Title
TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling
Summary
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
Severity
7.7 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TEAMPLUS TECHNOLOGY INC. | Teamplus Pro (Private cloud) | Affected: unspecified, ≤ 3.011.6.0.1 (custom) | |
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Android"
],
"product": "Teamplus Pro (Private cloud)",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"iOS"
],
"product": "Teamplus Pro (Private cloud)",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:01:54.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."
}
],
"source": {
"advisory": "TVN-202206004",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:30:00.000Z",
"ID": "CVE-2022-32958",
"STATE": "PUBLIC",
"TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamplus Pro (Private cloud)",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
},
{
"platform": "iOS",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
}
]
}
}
]
},
"vendor_name": "TEAMPLUS TECHNOLOGY INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."
}
],
"source": {
"advisory": "TVN-202206004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32958",
"datePublished": "2022-07-20T02:01:55.027Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:05:10.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}