CVE-2022-32958 (GCVE-0-2022-32958)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:01 – Updated: 2024-09-17 04:05
VLAI?
Title
TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling
Summary
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
Severity ?
7.7 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TEAMPLUS TECHNOLOGY INC. | Teamplus Pro (Private cloud) |
Affected:
unspecified , ≤ 3.011.6.0.1
(custom)
|
|||||||
|
|||||||||
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Android"
],
"product": "Teamplus Pro (Private cloud)",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"iOS"
],
"product": "Teamplus Pro (Private cloud)",
"vendor": "TEAMPLUS TECHNOLOGY INC.",
"versions": [
{
"lessThanOrEqual": "3.011.6.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:01:54.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."
}
],
"source": {
"advisory": "TVN-202206004",
"discovery": "EXTERNAL"
},
"title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:30:00.000Z",
"ID": "CVE-2022-32958",
"STATE": "PUBLIC",
"TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamplus Pro (Private cloud)",
"version": {
"version_data": [
{
"platform": "Android",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
},
{
"platform": "iOS",
"version_affected": "\u003c=",
"version_value": "3.011.6.0.1"
}
]
}
}
]
},
"vendor_name": "TEAMPLUS TECHNOLOGY INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Contact TEAMPLUS TECHNOLOGY INC. for tech support."
}
],
"source": {
"advisory": "TVN-202206004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32958",
"datePublished": "2022-07-20T02:01:55.027Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:05:10.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-32958",
"date": "2026-04-25",
"epss": "0.00786",
"percentile": "0.73889"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:teamplus:team\\\\+_pro:*:*:*:*:private_cloud:android:*:*\", \"versionEndIncluding\": \"3.011.6.0.1\", \"matchCriteriaId\": \"266BDB81-BE36-4A9D-BE19-9B96516B4E58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:teamplus:team\\\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*\", \"versionEndIncluding\": \"3.011.6.0.1\", \"matchCriteriaId\": \"3E7BB0AB-B190-4997-9873-4E8C5FA60DED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A remote attacker with general user privilege can send a message to Teamplus Pro\\u2019s chat group that exceeds message size limit, to terminate other recipients\\u2019 Teamplus Pro chat process.\"}, {\"lang\": \"es\", \"value\": \"Un atacante remoto con privilegio de usuario general puede enviar un mensaje al grupo de chat de Teamplus Pro que exceda el l\\u00edmite de tama\\u00f1o del mensaje, para terminar el proceso de chat de otros destinatarios de Teamplus Pro\"}]",
"id": "CVE-2022-32958",
"lastModified": "2024-11-21T07:07:18.650",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2022-07-20T02:15:07.637",
"references": "[{\"url\": \"https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-32958\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2022-07-20T02:15:07.637\",\"lastModified\":\"2024-11-21T07:07:18.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote attacker with general user privilege can send a message to Teamplus Pro\u2019s chat group that exceeds message size limit, to terminate other recipients\u2019 Teamplus Pro chat process.\"},{\"lang\":\"es\",\"value\":\"Un atacante remoto con privilegio de usuario general puede enviar un mensaje al grupo de chat de Teamplus Pro que exceda el l\u00edmite de tama\u00f1o del mensaje, para terminar el proceso de chat de otros destinatarios de Teamplus Pro\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:teamplus:team\\\\+_pro:*:*:*:*:private_cloud:android:*:*\",\"versionEndIncluding\":\"3.011.6.0.1\",\"matchCriteriaId\":\"266BDB81-BE36-4A9D-BE19-9B96516B4E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:teamplus:team\\\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*\",\"versionEndIncluding\":\"3.011.6.0.1\",\"matchCriteriaId\":\"3E7BB0AB-B190-4997-9873-4E8C5FA60DED\"}]}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-6289-a5524-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…