Lucene search

[email protected]CVE-2023-21514

HistoryMay 26, 2023 - 10:15 p.m.

CVE-2023-21514

2023-05-2622:15:14

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-21514

instantplay deeplink

galaxy store

security vulnerability

javascript api

apk installation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Affected configurations

NVD

Node

samsunggalaxy_storeRange<4.5.49.8

CPENameOperatorVersion
samsung:galaxy_storesamsung galaxy storelt4.5.49.8

CPE	Name	Operator	Version
samsung:galaxy_store	samsung galaxy store	lt	4.5.49.8

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Galaxy Store",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "4.5.49.8",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2023-21514

prion1 nvd1 zdi1 cvelist1