Lucene search

Samsung MobileCVELIST:CVE-2023-21515

HistoryMay 26, 2023 - 12:00 a.m.

CVE-2023-21515

2023-05-2600:00:00

CWE-20

Samsung Mobile

www.cve.org

cve-2023-21515

instantplay

vulnerability

galaxy store

javascript api

apk installation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Galaxy Store",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "4.5.49.8",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVELIST:CVE-2023-21515