Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-34771
PUBLISHED
More InfoOfficial Page
Assigner-INCD
Assigner Org ID-a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f
View Known Exploited Vulnerability (KEV) details
Published At-22 Aug, 2022 | 14:40
Updated At-16 Sep, 2024 | 20:48
Rejected At-
▼CVE Numbering Authority (CNA)
Tabit - arbitrary SMS send on Tabits behalf

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.

Affected Products
Vendor
Tabit
Product
Tabit
Versions
Affected
  • From 3.27.0 before 3.27.0* (custom)
Problem Types
TypeCWE IDDescription
textN/Aarbitrary SMS send on Tabits behalf
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to version 3.27.0.

Configurations
Workarounds
Exploits
Credits
Guy Ben Simhon - Noname Security
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gov.il/en/departments/faq/cve_advisories
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gov.il/en/departments/faq/cve_advisories
x_refsource_MISC
x_transferred
Details not found