Lucene search

[email protected]CVE-2023-21515

HistoryMay 26, 2023 - 10:15 p.m.

CVE-2023-21515

2023-05-2622:15:14

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-21515

instantplay

script vulnerability

galaxy store

apk installation

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Affected configurations

NVD

Node

samsunggalaxy_storeRange<4.5.49.8

CPENameOperatorVersion
samsung:galaxy_storesamsung galaxy storelt4.5.49.8

CPE	Name	Operator	Version
samsung:galaxy_store	samsung galaxy store	lt	4.5.49.8

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Galaxy Store",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "4.5.49.8",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2023-21515

prion1 nvd1 zdi1 cvelist1