{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T14:56:02.362","vulnerabilities":[{"cve":{"id":"CVE-2022-34774","sourceIdentifier":"cna@cyber.gov.il","published":"2022-08-22T15:15:16.293","lastModified":"2026-06-17T04:50:54.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password)."},{"lang":"es","value":"Tabit - Modificación arbitraria de cuentas. Uno de los endpoints mapeados por la diminuta URL, era una página en la que un adversario puede modificar los datos personales, como las direcciones de correo electrónico y los números de teléfono de un usuario específico en el programa de fidelización de un restaurante. Posiblemente permitiendo una toma de control de la cuenta (el correo puede ser usado para restablecer la contraseña)."}],"affected":[{"source":"cna@cyber.gov.il","affectedData":[{"vendor":"Tabit","product":"Tabit","versions":[{"version":"3.27.0","lessThan":"3.27.0*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tabit:tabit:*:*:*:*:*:*:*:*","versionEndExcluding":"3.27.0","matchCriteriaId":"1D2DB843-28A9-4524-B84D-F714BF3DB9F6"}]}]}],"references":[{"url":"https://www.gov.il/en/departments/faq/cve_advisories","source":"cna@cyber.gov.il","tags":["Third Party Advisory"]},{"url":"https://www.gov.il/en/departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}