CVE-2022-39877

Published: Oct 7, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

Affected (2)

Products: Samsung: Group Sharing

Samsung

1 product

Group Sharing

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Group Sharing	Before 13.0.6.15

Running on/with	Platform Versions
Google Android	Version 12.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Group Sharing	Before 13.0.6.14

Running on/with	Platform Versions
Google Android	Version 11.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.