CVE-2022-45118

Published: Dec 8, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

Affected (1)

Products: Openharmony: Openharmony

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openharmony Openharmony	From 3.1 to 3.1.4

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md

Source: scy@openharmony.io

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.