Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-35221: 互動資通 Teamplus Pro - Allocation of Resources Without Limits or Throttling-2

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

CVE
#vulnerability#ios#android

:::

  • 首頁
  • 資安服務
  • 台灣漏洞揭露平台 (TVN)
  • TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202207005

CVE ID

CVE-2022-35221

CVSS

5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

影響產品

互動資通 Teamplus Pro私有雲版本 (Android 、iOS) <= v3.011.6.0.1

問題描述

Teamplus Pro團隊討論版中留言功能的主旨欄位含有Allocation of Resources Without Limits or Throttling的漏洞,使遠端攻擊者以一般使用者權限,發送大量的主旨內容,導致部分討論版留言內容消失,且伺服器部分功能異常。

解決方法

聯繫互動資通進行版本更新

漏洞通報者

RayHong (CCoE)

公開日期

2022-07-29

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda