CVE-2022-23433

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 53.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Reminder Samsung Reminder

Timeline

PublishedFeb 11

Latest updateFeb 12

Description

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/reminder< 12.3.01.3000+2

▶CVEListV5samsung_mobile/reminder- — 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10)

🔴Vulnerability Details

GHSA

GHSA-mwwv-v58h-qcvw: Improper access control vulnerability in Reminder prior to versions 12↗2022-02-12

▶

CVEList

CVE-2022-23433: Improper access control vulnerability in Reminder prior to versions 12↗2022-02-11

▶