Lucene search

SamsungMobileCVELIST:CVE-2024-34597

HistoryJul 02, 2024 - 9:23 a.m.

CVE-2024-34597

2024-07-0209:23:37

SamsungMobile

www.cve.org

improper input validation

samsung health

arbitrary document files

local attackers

sandbox

user interaction

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

EPSS

Percentile

12.9%

JSON

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Health",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.27.0.113"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

EPSS

Percentile

12.9%

JSON

Related for CVELIST:CVE-2024-34597