CVE-2022-30740Sensitive Information Exposure in Mobile Samsung Internet

CWE-200Sensitive Information ExposureCWE-922Insecure Storage of Sensitive Information3 documents3 sources
Severity
4.3MEDIUMNVD
CNA4.1
EPSS
0.1%
top 81.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedJun 7
Latest updateJun 8

Description

Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/internet< 17.0.1.69
CVEListV5samsung_mobile/samsung_internetunspecified17.0.1.69

🔴Vulnerability Details

2
GHSA
GHSA-j269-3xcr-7h29: Improper auto-fill algorithm in Samsung Internet prior to version 172022-06-08
CVEList
CVE-2022-30740: Improper auto-fill algorithm in Samsung Internet prior to version 172022-06-07
CVE-2022-30740 — Sensitive Information Exposure | cvebase