Lucene search

SamsungMobileCVE-2024-34597

HistoryJul 02, 2024 - 10:15 a.m.

CVE-2024-34597

2024-07-0210:15:08

SamsungMobile

web.nvd.nist.gov

improper input validation

samsung health

arbitrary files

user interaction

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

7.1

Confidence

High

EPSS

Percentile

12.9%

JSON

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.

Affected configurations

Nvd

Node

samsunghealthRange<6.27.0.113

VendorProductVersionCPE
samsunghealth*cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	health	*	cpe:2.3:a:samsung:health::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Health",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.27.0.113"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

7.1

Confidence

High

EPSS

Percentile

12.9%

JSON

Related for CVE-2024-34597