CVE-2022-35221

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os::

History

08 Aug 2022, 17:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os:: cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
CWE		CWE-770
References	~~(MISC) https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html -~~	(MISC) https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html - Third Party Advisory

02 Aug 2022, 17:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-02 16:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-35221

Mitre link : CVE-2022-35221

CVE.ORG link : CVE-2022-35221

JSON object : View

Products Affected

teamplus

team\+_pro

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2022-35221", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2022-08-02T16:15:10.707", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}, {"lang": "es", "value": "Teamplus Pro community discussion presenta una vulnerabilidad de \"asignaci\u00f3n de recursos sin l\u00edmites o estrangulamiento\" en el campo de asunto del hilo. Un atacante remoto con privilegio de usuario general que publique un tema de hilo con gran contenido puede causar que el servidor asigne demasiada memoria, conllevando a una p\u00e9rdida de contenido parcial de los mensajes y la interrupci\u00f3n del servicio parcial"}], "lastModified": "2022-08-08T17:24:37.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:android:*:*", "vulnerable": true, "matchCriteriaId": "266BDB81-BE36-4A9D-BE19-9B96516B4E58", "versionEndIncluding": "3.011.6.0.1"}, {"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "3E7BB0AB-B190-4997-9873-4E8C5FA60DED", "versionEndIncluding": "3.011.6.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}