CVE-2022-26090 — Resource Exposure in Mobile Samsungcontacts

CWE-815 CWE-668 — Resource Exposure2 documents2 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 95.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsungcontacts Google Android

Timeline

PublishedApr 11

Latest updateApr 12

Description

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsungcontactsR(11), S(12) — SMR Apr-2022 Release 1

▶NVDgoogle/android10.0, 11.0+1

🔴Vulnerability Details

GHSA

GHSA-2hgf-c2v6-4f32: Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without↗2022-04-12

▶