CVE-2022-22285

CWE-94Code Injection3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 70.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile ReminderSamsung Reminder
Timeline
PublishedJan 10
Latest updateJan 11

Description

A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/reminder< 12.2.05.0+1
CVEListV5samsung_mobile/reminder-12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0)

🔴Vulnerability Details

2
GHSA
GHSA-4m5x-p265-j28q: A vulnerability using PendingIntent in Reminder prior to version 122022-01-11
CVEList
CVE-2022-22285: A vulnerability using PendingIntent in Reminder prior to version 122022-01-07
CVE-2022-22285 (HIGH CVSS 7.1) | A vulnerability using PendingIntent | cvebase.io