Lucene search

Samsung MobileCVELIST:CVE-2022-36852

HistorySep 09, 2022 - 2:40 p.m.

CVE-2022-36852

2022-09-0914:40:03

CWE-285

Samsung Mobile

www.cve.org

cve-2022-36852

video editor

smr sep-2022 release

improper authorization

local attacker

internal application data

CVSS3

1.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Sep-2022 Release 1",
        "status": "affected",
        "version": "R(11), S(12)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09

CVSS3

1.9

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-36852