Lucene search

[email protected]NVD:CVE-2022-36829

HistoryAug 05, 2022 - 4:15 p.m.

CVE-2022-36829

2022-08-0516:15:14

CWE-927

[email protected]

web.nvd.nist.gov

samsung charm

pendingintent hijacking

implicit intent

local attack

file access permission

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

Affected configurations

Nvd

Node

samsungcharm_firmwareRange<1.2.3

AND

samsungcharmMatch-

VendorProductVersionCPE
samsungcharm_firmware*cpe:2.3:o:samsung:charm_firmware:*:*:*:*:*:*:*:*
samsungcharm-cpe:2.3:h:samsung:charm:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	charm_firmware	*	cpe:2.3:o:samsung:charm_firmware::::::::
samsung	charm	-	cpe:2.3:h:samsung:charm:-:::::::*

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-36829

prion1 cve1 cvelist1