CVE-2022-28542Improper Access Control in Mobile Galaxy Store

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.8
EPSS
0.1%
top 83.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Galaxy StoreSamsung Galaxy Store
Timeline
PublishedApr 11
Latest updateApr 12

Description

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/galaxy_store< 4.5.40.5
CVEListV5samsung_mobile/galaxy_store-4.5.40.5

🔴Vulnerability Details

2
GHSA
GHSA-4h5x-x4pf-rgvw: Improper sanitization of incoming intent in Galaxy Store prior to version 42022-04-12
CVEList
CVE-2022-28542: Improper sanitization of incoming intent in Galaxy Store prior to version 42022-04-11
CVE-2022-28542 — Improper Access Control | cvebase