CVE-2022-24923

Published: Feb 11, 2022Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Affected (1)

Products: Samsung: Searchwidget

Samsung

1 product

Searchwidget

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Searchwidget	Before 2.3.00.6

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.