    62 vulnerabilities found for galaxy_store by samsung

    CVE-2026-21002 (GCVE-0-2026-21002)

    Vulnerability from nvd – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:59
    VLAI
    Summary
    Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.6.03.8 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:59:23.936846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:59:29.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:11.128Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21002",
        "datePublished": "2026-03-16T04:32:11.128Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:59:29.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21001 (GCVE-0-2026-21001)

    Vulnerability from nvd – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:59
    VLAI
    Summary
    Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal (label as given in the CNA record)
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.6.03.8 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:59:38.019540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:59:43.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-35: Path Traversal",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:09.910Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21001",
        "datePublished": "2026-03-16T04:32:09.910Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:59:43.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21000 (GCVE-0-2026-21000)

    Vulnerability from nvd – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:19
    VLAI
    Summary
    Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.6.03.8 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21000",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:13:13.532097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:19:35.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:08.760Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21000",
        "datePublished": "2026-03-16T04:32:08.760Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:19:35.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20976 (GCVE-0-2026-20976)

    Vulnerability from nvd – Published: 2026-01-09 06:17 – Updated: 2026-01-09 19:10
    VLAI
    Summary
    Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
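    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.6.02 (default status: affected)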

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20976",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T19:08:14.243909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T19:10:00.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.02"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T06:17:10.980Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-20976",
        "datePublished": "2026-01-09T06:17:10.980Z",
        "dateReserved": "2025-12-11T01:33:35.799Z",
        "dateUpdated": "2026-01-09T19:10:00.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58483 (GCVE-0-2025-58483)

    Vulnerability from nvd – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
    VLAI
    Summary
    Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
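    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store for Galaxy Watch | Unaffected: 1.0.06.29 (default status: affected)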

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:52.950736Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:56:19.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store for Galaxy Watch",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1.0.06.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:29.344Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58483",
        "datePublished": "2025-12-02T01:24:29.344Z",
        "dateReserved": "2025-09-03T06:13:48.468Z",
        "dateUpdated": "2025-12-02T16:56:19.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21483 (GCVE-0-2023-21483)

    Vulnerability from nvd – Published: 2025-09-03 05:17 – Updated: 2025-09-03 20:11
    VLAI
    Summary
    Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.5.53.6 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T20:00:15.362917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T20:11:38.981Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.53.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T05:17:15.644Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-21483",
        "datePublished": "2025-09-03T05:17:15.644Z",
        "dateReserved": "2022-11-14T08:58:53.183Z",
        "dateUpdated": "2025-09-03T20:11:38.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20951 (GCVE-0-2025-20951)

    Vulnerability from nvd – Published: 2025-04-08 04:40 – Updated: 2025-04-08 15:30
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.5.90.7 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20951",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:12:36.212602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T15:30:09.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.90.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T04:40:05.996Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20951",
        "datePublished": "2025-04-08T04:40:05.996Z",
        "dateReserved": "2024-11-06T02:30:14.864Z",
        "dateUpdated": "2025-04-08T15:30:09.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20895 (GCVE-0-2025-20895)

    Vulnerability from nvd – Published: 2025-02-04 07:19 – Updated: 2025-02-04 16:19
    VLAI
    Summary
    Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path
    Assigner
    Impacted products
    Vendor | Product | Version
    Samsung Mobile | Galaxy Store | Unaffected: 4.5.87.6 (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T16:11:29.472059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T16:19:16.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.87.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-288: Authentication Bypass Using an Alternate Path",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T07:19:42.808Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20895",
        "datePublished": "2025-02-04T07:19:42.808Z",
        "dateReserved": "2024-11-06T02:30:14.837Z",
        "dateUpdated": "2025-02-04T16:19:16.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34601 (GCVE-0-2024-34601)

    Vulnerability from nvd – Published: 2024-07-02 09:23 – Updated: 2024-08-02 02:59
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GalaxyStore Unaffected: 4.5.81.0
    samsung_mobile galaxystore Unaffected: 4.5.81.0
        cpe:2.3:a:samsung_mobile:galaxystore:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung_mobile:galaxystore:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "galaxystore",
                "vendor": "samsung_mobile",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "4.5.81.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:56:59.979186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T15:08:59.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:21.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GalaxyStore",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.81.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T09:23:41.774Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-34601",
        "datePublished": "2024-07-02T09:23:41.774Z",
        "dateReserved": "2024-05-07T04:43:27.829Z",
        "dateUpdated": "2024-08-02T02:59:21.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20870 (GCVE-0-2024-20870)

    Vulnerability from nvd – Published: 2024-05-07 04:28 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.71.8
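    samsung galaxy_store Affected: 4.5.71.8
        cpe:2.3:a:samsung:galaxy_store:-:*:*:*:*:*:*:*
    Note: this row comes from the CISA-ADP container and conflicts with the Samsung Mobile (CNA) row above. The CNA data and the summary give 4.5.71.8 as the fixed version (versions prior to it are affected), so matching on this row alone would flag the patched release and leave older, vulnerable versions unmatched.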

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung:galaxy_store:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "galaxy_store",
                "vendor": "samsung",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.71.8"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T14:32:43.531042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:12.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.71.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T04:28:58.507Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20870",
        "datePublished": "2024-05-07T04:28:58.507Z",
        "dateReserved": "2023-12-05T04:57:52.548Z",
        "dateUpdated": "2024-08-01T22:06:36.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20825 (GCVE-0-2024-20825)

    Vulnerability from nvd – Published: 2024-02-06 02:23 – Updated: 2025-05-15 19:45
    VLAI
    Summary
    Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
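    CWE
    None listed here. In the record below, the CNA problem type is "CWE-927 : Use of Implicit Intent for Sensitive Communication", while the CISA-ADP container records "CWE-noinfo Not enough information".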
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:37.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20825",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:50:06.423902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:45:17.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:15.543Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20825",
        "datePublished": "2024-02-06T02:23:15.543Z",
        "dateReserved": "2023-12-05T04:57:52.534Z",
        "dateUpdated": "2025-05-15T19:45:17.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20824 (GCVE-0-2024-20824)

    Vulnerability from nvd – Published: 2024-02-06 02:23 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-07T15:47:29.936673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:38.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:14.512Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20824",
        "datePublished": "2024-02-06T02:23:14.512Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2024-08-01T22:06:36.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20823 (GCVE-0-2024-20823)

    Vulnerability from nvd – Published: 2024-02-06 02:23 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T19:43:00.971767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:37.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:13.477Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20823",
        "datePublished": "2024-02-06T02:23:13.477Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2024-08-01T22:06:36.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20822 (GCVE-0-2024-20822)

    Vulnerability from nvd – Published: 2024-02-06 02:23 – Updated: 2025-04-24 15:49
    VLAI
    Summary
    Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-07T15:01:25.993563Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T15:49:46.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:12.460Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20822",
        "datePublished": "2024-02-06T02:23:12.460Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2025-04-24T15:49:46.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42581 (GCVE-0-2023-42581)

    Vulnerability from nvd – Published: 2023-12-05 02:44 – Updated: 2024-08-28 18:22
    VLAI
    Summary
    Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.64.4
    samsung galaxy_store Affected: 4.5.64.4
        cpe:2.3:a:samsung:galaxy_store:4.5.64.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung:galaxy_store:4.5.64.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "galaxy_store",
                "vendor": "samsung",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.64.4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42581",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T17:28:12.395034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T18:22:36.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.64.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-05T02:44:39.034Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-42581",
        "datePublished": "2023-12-05T02:44:39.034Z",
        "dateReserved": "2023-09-11T23:55:08.357Z",
        "dateUpdated": "2024-08-28T18:22:36.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42580 (GCVE-0-2023-42580)

    Vulnerability from nvd – Published: 2023-12-05 02:44 – Updated: 2024-08-02 19:23
    VLAI
    Summary
    Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.64.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:23:39.771Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.64.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-05T02:44:38.048Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-42580",
        "datePublished": "2023-12-05T02:44:38.048Z",
        "dateReserved": "2023-09-11T23:55:08.357Z",
        "dateUpdated": "2024-08-02T19:23:39.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-21002 (GCVE-0-2026-21002)

    Vulnerability from cvelistv5 – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:59
    VLAI
    Summary
    Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.6.03.8

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:59:23.936846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:59:29.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:11.128Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21002",
        "datePublished": "2026-03-16T04:32:11.128Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:59:29.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21001 (GCVE-0-2026-21001)

    Vulnerability from cvelistv5 – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:59
    VLAI
    Summary
    Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.6.03.8

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:59:38.019540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:59:43.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-35: Path Traversal",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:09.910Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21001",
        "datePublished": "2026-03-16T04:32:09.910Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:59:43.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21000 (GCVE-0-2026-21000)

    Vulnerability from cvelistv5 – Published: 2026-03-16 04:32 – Updated: 2026-03-16 13:19
    VLAI
    Summary
    Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.6.03.8

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21000",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:13:13.532097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:19:35.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.03.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T04:32:08.760Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=03"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21000",
        "datePublished": "2026-03-16T04:32:08.760Z",
        "dateReserved": "2025-12-11T01:33:35.802Z",
        "dateUpdated": "2026-03-16T13:19:35.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20976 (GCVE-0-2026-20976)

    Vulnerability from cvelistv5 – Published: 2026-01-09 06:17 – Updated: 2026-01-09 19:10
    VLAI
    Summary
    Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20976",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T19:08:14.243909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T19:10:00.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.6.02"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-09T06:17:10.980Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-20976",
        "datePublished": "2026-01-09T06:17:10.980Z",
        "dateReserved": "2025-12-11T01:33:35.799Z",
        "dateUpdated": "2026-01-09T19:10:00.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58483 (GCVE-0-2025-58483)

    Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
    VLAI
    Summary
    Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T16:50:52.950736Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T16:56:19.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store for Galaxy Watch",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1.0.06.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T01:24:29.344Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-58483",
        "datePublished": "2025-12-02T01:24:29.344Z",
        "dateReserved": "2025-09-03T06:13:48.468Z",
        "dateUpdated": "2025-12-02T16:56:19.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21483 (GCVE-0-2023-21483)

    Vulnerability from cvelistv5 – Published: 2025-09-03 05:17 – Updated: 2025-09-03 20:11
    VLAI
    Summary
    Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.53.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T20:00:15.362917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T20:11:38.981Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.53.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T05:17:15.644Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2023-21483",
        "datePublished": "2025-09-03T05:17:15.644Z",
        "dateReserved": "2022-11-14T08:58:53.183Z",
        "dateUpdated": "2025-09-03T20:11:38.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20951 (GCVE-0-2025-20951)

    Vulnerability from cvelistv5 – Published: 2025-04-08 04:40 – Updated: 2025-04-08 15:30
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.90.7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20951",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:12:36.212602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T15:30:09.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.90.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T04:40:05.996Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20951",
        "datePublished": "2025-04-08T04:40:05.996Z",
        "dateReserved": "2024-11-06T02:30:14.864Z",
        "dateUpdated": "2025-04-08T15:30:09.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20895 (GCVE-0-2025-20895)

    Vulnerability from cvelistv5 – Published: 2025-02-04 07:19 – Updated: 2025-02-04 16:19
    VLAI
    Summary
    Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.87.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T16:11:29.472059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T16:19:16.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.87.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-288: Authentication Bypass Using an Alternate Path",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-04T07:19:42.808Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20895",
        "datePublished": "2025-02-04T07:19:42.808Z",
        "dateReserved": "2024-11-06T02:30:14.837Z",
        "dateUpdated": "2025-02-04T16:19:16.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34601 (GCVE-0-2024-34601)

    Vulnerability from cvelistv5 – Published: 2024-07-02 09:23 – Updated: 2024-08-02 02:59
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile GalaxyStore Unaffected: 4.5.81.0
    samsung_mobile galaxystore Unaffected: 4.5.81.0
        cpe:2.3:a:samsung_mobile:galaxystore:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung_mobile:galaxystore:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "galaxystore",
                "vendor": "samsung_mobile",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "4.5.81.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:56:59.979186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T15:08:59.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:21.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GalaxyStore",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.81.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T09:23:41.774Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-34601",
        "datePublished": "2024-07-02T09:23:41.774Z",
        "dateReserved": "2024-05-07T04:43:27.829Z",
        "dateUpdated": "2024-08-02T02:59:21.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20870 (GCVE-0-2024-20870)

    Vulnerability from cvelistv5 – Published: 2024-05-07 04:28 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-925 - Improper Verification of Intent by Broadcast Receiver
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.71.8
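    samsung galaxy_store Affected: 4.5.71.8 (from the CISA-ADP container; the CNA entry and the summary give 4.5.71.8 as the unaffected version, so treat releases prior to 4.5.71.8 as the affected range)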
        cpe:2.3:a:samsung:galaxy_store:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:samsung:galaxy_store:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "galaxy_store",
                "vendor": "samsung",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5.71.8"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T14:32:43.531042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:12.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.71.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-925 : Improper Verification of Intent by Broadcast Receiver",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T04:28:58.507Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20870",
        "datePublished": "2024-05-07T04:28:58.507Z",
        "dateReserved": "2023-12-05T04:57:52.548Z",
        "dateUpdated": "2024-08-01T22:06:36.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20825 (GCVE-0-2024-20825)

    Vulnerability from cvelistv5 – Published: 2024-02-06 02:23 – Updated: 2025-05-15 19:45
    VLAI
    Summary
    Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:37.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20825",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:50:06.423902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:45:17.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:15.543Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20825",
        "datePublished": "2024-02-06T02:23:15.543Z",
        "dateReserved": "2023-12-05T04:57:52.534Z",
        "dateUpdated": "2025-05-15T19:45:17.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20824 (GCVE-0-2024-20824)

    Vulnerability from cvelistv5 – Published: 2024-02-06 02:23 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-07T15:47:29.936673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:38.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:14.512Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20824",
        "datePublished": "2024-02-06T02:23:14.512Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2024-08-01T22:06:36.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20823 (GCVE-0-2024-20823)

    Vulnerability from cvelistv5 – Published: 2024-02-06 02:23 – Updated: 2024-08-01 22:06
    VLAI
    Summary
    Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Galaxy Store Unaffected: 4.5.63.6

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T19:43:00.971767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:37.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:13.477Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20823",
        "datePublished": "2024-02-06T02:23:13.477Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2024-08-01T22:06:36.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20822 (GCVE-0-2024-20822)

    Vulnerability from cvelistv5 – Published: 2024-02-06 02:23 – Updated: 2025-04-24 15:49
    VLAI
    Summary
    Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-927 - Use of Implicit Intent for Sensitive Communication
    Assigner
    Impacted products
    Vendor: Samsung Mobile | Product: Galaxy Store | Version: 4.5.63.6 is unaffected (default status: affected)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-07T15:01:25.993563Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T15:49:46.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:06:36.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Galaxy Store",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "4.5.63.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T02:23:12.460Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=02"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2024-20822",
        "datePublished": "2024-02-06T02:23:12.460Z",
        "dateReserved": "2023-12-05T04:57:52.533Z",
        "dateUpdated": "2025-04-24T15:49:46.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }