Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-45118

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

Published

2022-12-08T16:15:13.553

Last Modified

2024-11-21T07:28:48.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openharmony	openharmony	≤ 3.1.4	Yes

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md Third Party Advisory ([email protected])
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)