CVE-2022-27839

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 62.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung Internet Samsung Internet

Timeline

PublishedApr 11

Latest updateApr 12

Description

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/internet< 16.2.1

▶CVEListV5samsung_mobile/samsung_internet- — 16.2.1

🔴Vulnerability Details

GHSA

GHSA-wfvq-g4v2-j6q7: Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16↗2022-04-12

▶

CVEList

CVE-2022-27839: Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16↗2022-04-11

▶