CVE-2022-33708Improper Input Validation in Mobile Galaxy Store

CWE-20Improper Input ValidationCWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 90.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Galaxy StoreSamsung Galaxy Store
Timeline
PublishedJul 12
Latest updateJul 13

Description

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsamsung/galaxy_store< 4.5.41.8
CVEListV5samsung_mobile/galaxy_storeunspecified4.5.41.8

🔴Vulnerability Details

2
GHSA
GHSA-8xjw-45rg-ghhp: Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 42022-07-13
CVEList
CVE-2022-33708: Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 42022-07-11