CVE-2022-45118

EPSS 0.04%
Veröffentlicht 08.12.2022 16:15:13
Zuletzt bearbeitet 21.11.2024 07:28:48
Quelle scy@openharmony.io
CVE-Watchlists
Login
Unerledigt
Login

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openharmony ≫ Openharmony Version >= 3.1 <= 3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.134

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
scy@openharmony.io	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45118

EUVD