Lucene search

Samsung MobileCVELIST:CVE-2022-36857

HistorySep 09, 2022 - 2:40 p.m.

CVE-2022-36857

2022-09-0914:40:04

CWE-285

Samsung Mobile

www.cve.org

cve-2022-36857

photo editor

smr sep-2022

authorization

data access

1.9 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Sep-2022 Release 1",
        "status": "affected",
        "version": "R(11) and Photo Editor prior to 3.0.23.43 in S(12)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09

1.9 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for CVELIST:CVE-2022-36857