Lucene search

[email protected]NVD:CVE-2022-36877

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-36877

2022-09-0915:15:13

CWE-532

CWE-200

[email protected]

web.nvd.nist.gov

sensitive information exposure

faqsymptomcardviewmodel

samsung members

local attackers

device identification

log

global

china

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

5.1%

JSON

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

Affected configurations

Nvd

Node

samsungsamsung_membersRange<4.3.00.11global

samsungsamsung_membersRange<14.0.02.4china

VendorProductVersionCPE
samsungsamsung_members*cpe:2.3:a:samsung:samsung_members:*:*:*:*:global:*:*:*
samsungsamsung_members*cpe:2.3:a:samsung:samsung_members:*:*:*:*:china:*:*:*

Vendor	Product	Version	CPE
samsung	samsung_members	*	cpe:2.3:a:samsung:samsung_members:::::global:::*
samsung	samsung_members	*	cpe:2.3:a:samsung:samsung_members:::::china:::*

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-36877

cvelist1 cve1 prion1