Lucene search

[email protected]NVD:CVE-2024-34597

HistoryJul 02, 2024 - 10:15 a.m.

CVE-2024-34597

2024-07-0210:15:08

[email protected]

web.nvd.nist.gov

samsung health

input validation

local attackers

arbitrary document files

sandbox

user interaction

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

Percentile

12.9%

JSON

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.

Affected configurations

Nvd

Node

samsunghealthRange<6.27.0.113

VendorProductVersionCPE
samsunghealth*cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	health	*	cpe:2.3:a:samsung:health::::::::

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

Percentile

12.9%

JSON

Related for NVD:CVE-2024-34597

cvelist1 cve1 vulnrichment1