Search

Find a vulnerability

Search criteria

    61 vulnerabilities found for account by samsung

    CVE-2026-20994 (GCVE-0-2026-20994)

    Vulnerability from nvd – Published: 2026-03-16 04:32 – Updated: 2026-05-20 02:17
    VLAI
    Summary
    URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20994",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:10:52.015253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:19:36.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eURL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.\u003c/p\u003e"
                }
              ],
              "value": "URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0026#39;Open Redirect\u0026#39;)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T02:17:15.248Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-20994",
        "datePublished": "2026-03-16T04:32:01.472Z",
        "dateReserved": "2025-12-11T01:33:35.801Z",
        "dateUpdated": "2026-05-20T02:17:15.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58487 (GCVE-0-2025-58487)

    Vulnerability from nvd – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
    VLAI
    Summary
    Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58487",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:43.649227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:55:48.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:33.938Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58487",
        "datePublished": "2025-12-02T01:24:33.938Z",
        "dateReserved": "2025-09-03T06:13:48.469Z",
        "dateUpdated": "2025-12-02T16:55:48.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58486 (GCVE-0-2025-58486)

    Vulnerability from nvd – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
    VLAI
    Summary
    Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:45.984575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:55:55.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:32.755Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58486",
        "datePublished": "2025-12-02T01:24:32.755Z",
        "dateReserved": "2025-09-03T06:13:48.468Z",
        "dateUpdated": "2025-12-02T16:55:55.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21076 (GCVE-0-2025-21076)

    Vulnerability from nvd – Published: 2025-11-05 05:40 – Updated: 2025-11-07 14:26
    VLAI
    Summary
    Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.00.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T14:14:18.179248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T14:26:14.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.00.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T05:40:57.790Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-21076",
        "datePublished": "2025-11-05T05:40:57.790Z",
        "dateReserved": "2024-11-06T02:30:14.896Z",
        "dateUpdated": "2025-11-07T14:26:14.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21481 (GCVE-0-2023-21481)

    Vulnerability from nvd – Published: 2025-09-03 05:17 – Updated: 2025-09-03 13:49
    VLAI
    Summary
    Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21481",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T13:49:29.627655Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T13:49:42.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.1.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T05:17:13.586Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-21481",
        "datePublished": "2025-09-03T05:17:13.586Z",
        "dateReserved": "2022-11-14T08:58:53.182Z",
        "dateUpdated": "2025-09-03T13:49:42.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20841 (GCVE-0-2024-20841)

    Vulnerability from nvd – Published: 2024-03-05 04:44 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T13:57:40.834006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:00.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samnsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.8.00.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T04:44:50.761Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20841",
        "datePublished": "2024-03-05T04:44:50.761Z",
        "dateReserved": "2023-12-05T04:57:52.536Z",
        "dateUpdated": "2024-08-01T22:06:36.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42551 (GCVE-0-2023-42551)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:14
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42551",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:44:58.858737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:14:55.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:50.113Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42551",
        "datePublished": "2023-11-07T07:49:50.113Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:14:55.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42550 (GCVE-0-2023-42550)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:15
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:47:51.442907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:15:18.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:49.126Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42550",
        "datePublished": "2023-11-07T07:49:49.126Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:15:18.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42549 (GCVE-0-2023-42549)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:15
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42549",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:51:43.372693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:15:44.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:48.167Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42549",
        "datePublished": "2023-11-07T07:49:48.167Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:15:44.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42548 (GCVE-0-2023-42548)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2025-06-11 14:35
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:40.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:34:53.700590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:35:09.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:47.191Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42548",
        "datePublished": "2023-11-07T07:49:47.191Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2025-06-11T14:35:09.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42547 (GCVE-0-2023-42547)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:16
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42547",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:54:57.261517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:16:18.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:46.204Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42547",
        "datePublished": "2023-11-07T07:49:46.204Z",
        "dateReserved": "2023-09-11T23:55:08.350Z",
        "dateUpdated": "2024-09-12T19:16:18.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42546 (GCVE-0-2023-42546)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2024-09-17 13:31
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42546",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:58:00.286774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:31:55.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:44.951Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42546",
        "datePublished": "2023-11-07T07:49:44.951Z",
        "dateReserved": "2023-09-11T23:55:08.350Z",
        "dateUpdated": "2024-09-17T13:31:55.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42540 (GCVE-0-2023-42540)

    Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2025-03-06 15:31
    VLAI
    Summary
    Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T15:25:48.579060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T15:31:58.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:38.507Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42540",
        "datePublished": "2023-11-07T07:49:38.507Z",
        "dateReserved": "2023-09-11T23:55:08.350Z",
        "dateUpdated": "2025-03-06T15:31:58.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20994 (GCVE-0-2026-20994)

    Vulnerability from cvelistv5 – Published: 2026-03-16 04:32 – Updated: 2026-05-20 02:17
    VLAI
    Summary
    URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20994",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:10:52.015253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:19:36.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eURL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.\u003c/p\u003e"
                }
              ],
              "value": "URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0026#39;Open Redirect\u0026#39;)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T02:17:15.248Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-20994",
        "datePublished": "2026-03-16T04:32:01.472Z",
        "dateReserved": "2025-12-11T01:33:35.801Z",
        "dateUpdated": "2026-05-20T02:17:15.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58487 (GCVE-0-2025-58487)

    Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
    VLAI
    Summary
    Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58487",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:43.649227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:55:48.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:33.938Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58487",
        "datePublished": "2025-12-02T01:24:33.938Z",
        "dateReserved": "2025-09-03T06:13:48.469Z",
        "dateUpdated": "2025-12-02T16:55:48.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58486 (GCVE-0-2025-58486)

    Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
    VLAI
    Summary
    Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.01.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58486",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:45.984575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:55:55.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.01.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:32.755Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58486",
        "datePublished": "2025-12-02T01:24:32.755Z",
        "dateReserved": "2025-09-03T06:13:48.468Z",
        "dateUpdated": "2025-12-02T16:55:55.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21076 (GCVE-0-2025-21076)

    Vulnerability from cvelistv5 – Published: 2025-11-05 05:40 – Updated: 2025-11-07 14:26
    VLAI
    Summary
    Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 15.5.00.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T14:14:18.179248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T14:26:14.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "15.5.00.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T05:40:57.790Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-21076",
        "datePublished": "2025-11-05T05:40:57.790Z",
        "dateReserved": "2024-11-06T02:30:14.896Z",
        "dateUpdated": "2025-11-07T14:26:14.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21481 (GCVE-0-2023-21481)

    Vulnerability from cvelistv5 – Published: 2025-09-03 05:17 – Updated: 2025-09-03 13:49
    VLAI
    Summary
    Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21481",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T13:49:29.627655Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T13:49:42.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.1.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T05:17:13.586Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-21481",
        "datePublished": "2025-09-03T05:17:13.586Z",
        "dateReserved": "2022-11-14T08:58:53.182Z",
        "dateUpdated": "2025-09-03T13:49:42.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20841 (GCVE-0-2024-20841)

    Vulnerability from cvelistv5 – Published: 2024-03-05 04:44 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T13:57:40.834006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:00.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samnsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.8.00.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T04:44:50.761Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20841",
        "datePublished": "2024-03-05T04:44:50.761Z",
        "dateReserved": "2023-12-05T04:57:52.536Z",
        "dateUpdated": "2024-08-01T22:06:36.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42551 (GCVE-0-2023-42551)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:14
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42551",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:44:58.858737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:14:55.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:50.113Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42551",
        "datePublished": "2023-11-07T07:49:50.113Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:14:55.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42550 (GCVE-0-2023-42550)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:15
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:47:51.442907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:15:18.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:49.126Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42550",
        "datePublished": "2023-11-07T07:49:49.126Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:15:18.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42549 (GCVE-0-2023-42549)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:15
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42549",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:51:43.372693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:15:44.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:48.167Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42549",
        "datePublished": "2023-11-07T07:49:48.167Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2024-09-12T19:15:44.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42548 (GCVE-0-2023-42548)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2025-06-11 14:35
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:40.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T14:34:53.700590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T14:35:09.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:47.191Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42548",
        "datePublished": "2023-11-07T07:49:47.191Z",
        "dateReserved": "2023-09-11T23:55:08.351Z",
        "dateUpdated": "2025-06-11T14:35:09.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42547 (GCVE-0-2023-42547)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2024-09-12 19:16
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42547",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:54:57.261517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:16:18.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:46.204Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42547",
        "datePublished": "2023-11-07T07:49:46.204Z",
        "dateReserved": "2023-09-11T23:55:08.350Z",
        "dateUpdated": "2024-09-12T19:16:18.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42546 (GCVE-0-2023-42546)

    Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2024-09-17 13:31
    VLAI
    Summary
    Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Account Unaffected: 14.5.00.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42546",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T17:58:00.286774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:31:55.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Account",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.00.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T07:49:44.951Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-42546",
        "datePublished": "2023-11-07T07:49:44.951Z",
        "dateReserved": "2023-09-11T23:55:08.350Z",
        "dateUpdated": "2024-09-17T13:31:55.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201703-0429

    Vulnerability from variot - Updated: 2025-04-20 23:05

    GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Samsung Account is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Samsung Account prior to 1.6.0069 and 2.x prior to 2.1.0069 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0429",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "account app",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "galaxy app",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "galaxy apps",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "samsung",
            "version": "14120405.03.012"
          },
          {
            "model": "account",
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "galaxy s5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "account",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "1.6.10"
          },
          {
            "model": "account",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "2.1.69"
          },
          {
            "model": "account",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "1.6.69"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:samsung:galaxy_app",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:samsung:samsung_account_app",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ryan Welton and Jake Van Dyke.",
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0863",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.5,
                "id": "CVE-2015-0863",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2015-0863",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0863",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-0863",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1209",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Samsung Account is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nSamsung Account prior to 1.6.0069 and 2.x prior to 2.1.0069 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "BID",
            "id": "97207"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0863",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "97207",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "id": "VAR-201703-0429",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5273834
      },
      "last_update_date": "2025-04-20T23:05:24.196000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.galaxymobile.jp/"
          },
          {
            "title": "Samsung GALAXY Apps Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74772"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0863"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0863"
          },
          {
            "trust": 0.3,
            "url": "http://www.samsung.com/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-27T00:00:00",
            "db": "BID",
            "id": "97207"
          },
          {
            "date": "2017-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "date": "2017-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "date": "2017-03-27T17:59:00.163000",
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-04T00:02:00",
            "db": "BID",
            "id": "97207"
          },
          {
            "date": "2017-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          },
          {
            "date": "2017-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-0863"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GALAXY Apps Vulnerability in which important information is obtained",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007450"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1209"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201703-0430

    Vulnerability from variot - Updated: 2025-04-20 23:05

    Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Samsung Account is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Samsung Account prior to 1.6.0069 and 2.x prior to 2.1.0069 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0430",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "account app",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "galaxy app",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "galaxy apps",
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung",
            "version": null
          },
          {
            "model": "account",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "samsung",
            "version": "2.1.0069"
          },
          {
            "model": "account",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "samsung",
            "version": "2.x"
          },
          {
            "model": "galaxy s5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "0"
          },
          {
            "model": "account",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "1.6.10"
          },
          {
            "model": "account",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "2.1.69"
          },
          {
            "model": "account",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "samsung",
            "version": "1.6.69"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:samsung:galaxy_app",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:samsung:samsung_account_app",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ryan Welton and Jake Van Dyke.",
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0864",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.9,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.5,
                "id": "CVE-2015-0864",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2015-0864",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0864",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-0864",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1208",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0864",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Samsung Account is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nSamsung Account prior to 1.6.0069 and 2.x prior to 2.1.0069 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0864"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0864",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "97207",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0864",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "id": "VAR-201703-0430",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5273834
      },
      "last_update_date": "2025-04-20T23:05:24.167000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.galaxymobile.jp/"
          },
          {
            "title": "Samsung Account Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74771"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.nowsecure.com/blog/2015/01/26/samsung-account-and-galaxy-apps-technical-breakdown-cve-2015-0863-and-cve-2015-0864/"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/97207"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0864"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0864"
          },
          {
            "trust": 0.3,
            "url": "http://www.samsung.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "db": "BID",
            "id": "97207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "date": "2017-03-27T00:00:00",
            "db": "BID",
            "id": "97207"
          },
          {
            "date": "2017-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "date": "2017-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "date": "2017-03-27T17:59:00.227000",
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0864"
          },
          {
            "date": "2017-04-04T00:02:00",
            "db": "BID",
            "id": "97207"
          },
          {
            "date": "2017-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          },
          {
            "date": "2017-09-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-0864"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "97207"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung Account Vulnerability in which important information is obtained",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007451"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1208"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0680

    Vulnerability from variot - Updated: 2024-11-23 23:10

    Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Samsung Account is a comprehensive free membership for Samsung mobile devices, Samsung services available on smartphones, tablets, websites, TVs and other devices. Attackers can exploit this vulnerability to obtain user emails or phone numbers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0680",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "account",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "samsung",
            "version": "13.2.00.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "cve": "CVE-2022-30734",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-30734",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-81377",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-30734",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "mobile.security@samsung.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.5,
                "id": "CVE-2022-30734",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-30734",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "mobile.security@samsung.com",
                "id": "CVE-2022-30734",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-81377",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-688",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-30734",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Samsung Account is a comprehensive free membership for Samsung mobile devices, Samsung services available on smartphones, tablets, websites, TVs and other devices. Attackers can exploit this vulnerability to obtain user emails or phone numbers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-30734",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "id": "VAR-202206-0680",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:10:48.756000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Samsung Account Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195798"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-668",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=6"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30734"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-30734/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/668.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "date": "2022-06-07T19:15:10.057000",
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          },
          {
            "date": "2022-06-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30734"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          },
          {
            "date": "2024-11-21T07:03:16.420000",
            "db": "NVD",
            "id": "CVE-2022-30734"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung Account Information Disclosure Vulnerability (CNVD-2022-81377)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81377"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-688"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0730

    Vulnerability from variot - Updated: 2024-11-23 21:50

    Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. Samsung Account is a mobile account feature for Samsung mobile devices. The vulnerability stems from not properly securing email IDs in Samsung Accounts. An attacker could exploit this vulnerability to obtain email IDs

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0730",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "account",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "samsung",
            "version": "13.2.00.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "cve": "CVE-2022-30737",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-30737",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-76510",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-30737",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "mobile.security@samsung.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.5,
                "id": "CVE-2022-30737",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-30737",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "mobile.security@samsung.com",
                "id": "CVE-2022-30737",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-76510",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-685",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-30737",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. Samsung Account is a mobile account feature for Samsung mobile devices. The vulnerability stems from not properly securing email IDs in Samsung Accounts. An attacker could exploit this vulnerability to obtain email IDs",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-30737",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "id": "VAR-202206-0730",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:50:27.451000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Samsung Account Implicit Intent Hijacking Vulnerability (CNVD-2022-76510)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/356136"
          },
          {
            "title": "Samsung Account Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195795"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=6"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30737"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-30737/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "date": "2022-06-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "date": "2022-06-07T19:15:10.237000",
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          },
          {
            "date": "2022-06-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30737"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          },
          {
            "date": "2024-11-21T07:03:16.787000",
            "db": "NVD",
            "id": "CVE-2022-30737"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung Account Implicit Intent Hijacking Vulnerability (CNVD-2022-76510)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-76510"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-685"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-0113

    Vulnerability from variot - Updated: 2024-08-14 15:42

    Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Samsung's account Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to log off without authorization

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0113",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "account",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "samsung",
            "version": "13.5.01.3"
          },
          {
            "model": "account",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b5\u30e0\u30b9\u30f3",
            "version": null
          },
          {
            "model": "account",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b5\u30e0\u30b9\u30f3",
            "version": null
          },
          {
            "model": "account",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b5\u30e0\u30b9\u30f3",
            "version": "13.5.01.3"
          },
          {
            "model": "mobile devices",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "samsung",
            "version": "13.5.01.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "cve": "CVE-2022-39875",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2022-87955",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-39875",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "mobile.security@samsung.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.5,
                "id": "CVE-2022-39875",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 4.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-39875",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-39875",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "mobile.security@samsung.com",
                "id": "CVE-2022-39875",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-39875",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-87955",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-269",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Samsung\u0027s account Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea\u0027s Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to log off without authorization",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-39875",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "id": "VAR-202210-0113",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          }
        ]
      },
      "last_update_date": "2024-08-14T15:42:12.721000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for SAMSUNG Mobile devices account component access control error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/371221"
          },
          {
            "title": "SAMSUNG Mobile devices Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209910"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39875"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-39875/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "date": "2023-10-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "date": "2022-10-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "date": "2022-10-07T15:15:23.430000",
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-87955"
          },
          {
            "date": "2023-10-20T08:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          },
          {
            "date": "2022-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          },
          {
            "date": "2022-10-11T16:58:07.947000",
            "db": "NVD",
            "id": "CVE-2022-39875"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Samsung\u0027s \u00a0account\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-018619"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-269"
          }
        ],
        "trust": 0.6
      }
    }