Lucene search
SamsungMobileCVELIST:CVE-2024-20837HistoryMar 05, 2024 - 4:44 a.m.
CVE-2024-20837
2024-03-0504:44:46
SamsungMobile
www.cve.org
2
cve-2024-20837
local attackers
twa webapps
user interaction
samsung internet
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
5.5
Confidence
High
EPSS
0
Percentile
9.0%
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
CNA Affected
[
{
"vendor": "Samsung Mobile",
"product": "Samsung Internet",
"versions": [
{
"status": "unaffected",
"version": "24.0.0.41"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-20837
2024-03-05 05:15:11
cve
cve
CVE-2024-20837
2024-03-05 05:15:11
vulnrichment
vulnrichment
CVE-2024-20837
2024-03-05 04:44:46
prion
prion
Input validation
2024-03-05 05:15:00
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
5.5
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-20837