Lucene search

Samsung MobileCVELIST:CVE-2023-21448

HistoryFeb 09, 2023 - 12:00 a.m.

CVE-2023-21448

2023-02-0900:00:00

CWE-22

Samsung Mobile

www.cve.org

samsung cloud

path traversal

png file

vulnerability

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

10.7%

JSON

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Cloud",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "5.3.0.32",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

10.7%

JSON

Related for CVELIST:CVE-2023-21448