CVE-2022-39915

Published: Dec 8, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.

Affected (4)

Products: Samsung: Calendar

Samsung

1 product

Calendar

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 11.6.08.0

Running on/with	Platform Versions
Google Android	Version 10.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 12.2.11.3000

Running on/with	Platform Versions
Google Android	Version 11.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 12.3.07.2000

Running on/with	Platform Versions
Google Android	Version 12.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 12.4.02.0

Running on/with	Platform Versions
Google Android	Version 13.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.