{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T08:14:13.033","vulnerabilities":[{"cve":{"id":"CVE-2022-42488","sourceIdentifier":"scy@openharmony.io","published":"2022-10-14T15:16:26.243","lastModified":"2024-11-21T07:25:03.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services."},{"lang":"es","value":"OpenHarmony versiones v3.1.2 y versiones anteriores, presentan una vulnerabilidad de Falta de comprobación de permisos en el servicio param del subsistema de inicio. Una aplicación maliciosa instalada en el dispositivo podría elevar sus privilegios a usuario root, deshabilitar las funciones de seguridad o causar DoS deshabilitando determinados servicios"}],"metrics":{"cvssMetricV31":[{"source":"scy@openharmony.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"scy@openharmony.io","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"3.1.2","matchCriteriaId":"B80E85F4-B43C-47C4-91AD-CC3C6E9A8DEA"}]}]}],"references":[{"url":"https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md","source":"scy@openharmony.io","tags":["Third Party Advisory"]},{"url":"https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}