CVE-2018-10499

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.0HIGH

EPSS

0.1%

top 77.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Galaxy Apps Samsung Samsung Galaxy Apps

Timeline

PublishedSep 24

Latest updateMay 13

Description

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue lies in the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to…

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDsamsung/galaxy_apps< 6.4.0.15

▶CVEListV5samsung/samsung_galaxy_appsFixed in version 6.4.0.15

🔴Vulnerability Details

GHSA

GHSA-qqc6-9r93-rfgq: This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6↗2022-05-13

▶

CVEList

CVE-2018-10499: This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6↗2018-09-24

▶