Vulnerability Details CVE-2022-43449
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.5%
CVSS Severity
CVSS v3 Score 6.2
References
Products affected by CVE-2022-43449
-
cpe:2.3:a:openharmony:openharmony:3.1
-
cpe:2.3:a:openharmony:openharmony:3.1.1
-
cpe:2.3:a:openharmony:openharmony:3.1.2