Lucene search

[email protected]CVE-2023-21463

HistoryMar 16, 2023 - 9:15 p.m.

CVE-2023-21463

2023-03-1621:15:12

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-21463

improper access control

myfiles

android

vulnerability

samsung internet

nvd

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.

Affected configurations

NVD

Node

samsungmyfilesRange<12.2.09.0

AND

googleandroidMatch11.0

Node

samsungmyfilesRange<13.1.03.501

AND

googleandroidMatch12.0

Node

samsungmyfilesRange<14.1.03.0

AND

googleandroidMatch13.0

CPENameOperatorVersion
samsung:myfilessamsung myfileslt12.2.09.0

CPE	Name	Operator	Version
samsung:myfiles	samsung myfiles	lt	12.2.09.0

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "MyFiles",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "12.2.09.0 in Android 11, 13.1.03.501 in Android12 and 14.1.03.0 in Android 13",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-21463

cvelist1 prion1 nvd1