CVE-2023-21463

Published: Mar 16, 2023Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.

Affected (3)

Products: Samsung: Myfiles

Samsung

1 product

Myfiles

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Myfiles	Before 12.2.09.0

Running on/with	Platform Versions
Google Android	Version 11.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Myfiles	Before 13.1.03.501

Running on/with	Platform Versions
Google Android	Version 12.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Myfiles	Before 14.1.03.0

Running on/with	Platform Versions
Google Android	Version 13.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.