{"containers": {"cna": {"affected": [{"product": "HarmonyOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "HarmonyOS 2.0"}]}], "descriptions": [{"lang": "en", "value": "A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources."}], "problemTypes": [{"descriptions": [{"description": "Authentication Bypass by Spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-02T18:11:34", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22294", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HarmonyOS", "version": {"version_data": [{"version_value": "HarmonyOS 2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass by Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md", "refsource": "MISC", "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22294", "datePublished": "2021-03-02T18:11:34", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:37:18.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources."}, {"lang": "es", "value": "Un componente API de HarmonyOS versi\u00f3n 2.0 presenta una vulnerabilidad de omisi\u00f3n de permisos. Los atacantes locales pueden explotar esta vulnerabilidad para emitir comandos repetidamente, agotando los recursos de servicio del sistema"}], "id": "CVE-2021-22294", "lastModified": "2024-11-21T05:49:51.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-02T19:15:13.083", "references": [{"source": "psirt@huawei.com", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}