Lucene search

Samsung MobileCVELIST:CVE-2022-36864

HistorySep 09, 2022 - 2:40 p.m.

CVE-2022-36864

2022-09-0914:40:05

CWE-284

Samsung Mobile

www.cve.org

improper access control

samsung email

formatted file

privileged behavior

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

CNA Affected

[
  {
    "product": "Samsung Email",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "6.1.70.20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-36864