CVE-2023-21464

Published: Mar 16, 2023Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.

Affected (2)

Products: Samsung: Calendar

Samsung

1 product

Calendar

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 12.4.02.9000

Running on/with	Platform Versions
Google Android	Version 13.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Calendar	Before 12.3.08.2000

Running on/with	Platform Versions
Google Android	Version 12.0

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.