CVE-2022-36865

CWE-284 — Improper Access Control3 documents3 sources

Severity

3.3LOW

EPSS

0.1%

top 80.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Group Sharing Samsung Group Sharing

Timeline

PublishedSep 9

Latest updateSep 10

Description

Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/group_sharing< 13.0.6.15+1

▶CVEListV5samsung_mobile/group_sharingunspecified — 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below

🔴Vulnerability Details

GHSA

GHSA-7qg3-4r72-wr92: Improper access control in Group Sharing prior to versions 13↗2022-09-10

▶

CVEList

CVE-2022-36865: Improper access control in Group Sharing prior to versions 13↗2022-09-09

▶