Lucene search

SamsungMobileCVE-2024-20822

HistoryFeb 06, 2024 - 3:15 a.m.

CVE-2024-20822

2024-02-0603:15:09

SamsungMobile

web.nvd.nist.gov

cve-2024-20822

vulnerability

galaxy store

implicit intent hijacking

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Affected configurations

Nvd

Node

samsunggalaxy_storeRange<4.5.63.6

VendorProductVersionCPE
samsunggalaxy_store*cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	galaxy_store	*	cpe:2.3:a:samsung:galaxy_store::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Galaxy Store",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.5.63.6"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Related for CVE-2024-20822