Lucene search

Samsung MobileCVELIST:CVE-2022-23433

HistoryFeb 11, 2022 - 5:40 p.m.

CVE-2022-23433

2022-02-1117:40:14

CWE-284

Samsung Mobile

www.cve.org

improper access control

reminder

android

cve-2022-23433

remote exploitation

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.

CNA Affected

[
  {
    "product": "Reminder",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10)",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Related for CVELIST:CVE-2022-23433