CVE-2022-28775

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 81.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung FlowSamsung Samsung Flow
Timeline
PublishedApr 11
Latest updateApr 12

Description

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 2.5 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/samsung_flow< 4.8.06.5
CVEListV5samsung_mobile/samsung_flow-4.8.06.5

🔴Vulnerability Details

2
GHSA
GHSA-4hfc-c3hg-m9pr: Improper access control vulnerability in Samsung Flow prior to version 42022-04-12
CVEList
CVE-2022-28775: Improper access control vulnerability in Samsung Flow prior to version 42022-04-11
CVE-2022-28775 (LOW CVSS 3.3) | Improper access control vulnerabili | cvebase.io