Lucene search

[email protected]CVE-2022-36877

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-36877

2022-09-0915:15:13

CWE-532

CWE-200

[email protected]

web.nvd.nist.gov

information security

cve-2022-36877

faqsymptomcardviewmodel

samsung members

sensitive information

data exposure

device identification

nvd

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

Affected configurations

NVD

Node

samsungsamsung_membersRange<4.3.00.11global

samsungsamsung_membersRange<14.0.02.4china

CPENameOperatorVersion
samsung:samsung_memberssamsung samsung memberslt4.3.00.11
samsung:samsung_memberssamsung samsung memberslt14.0.02.4

CPE	Name	Operator	Version
samsung:samsung_members	samsung samsung members	lt	4.3.00.11
samsung:samsung_members	samsung samsung members	lt	14.0.02.4

CNA Affected

[
  {
    "product": "Samsung Members",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "4.3.00.11 in Global and 14.0.02.4 in China",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

Social References

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-36877

nvd1 cvelist1 prion1