CVE-2022-39862Improper Authorization in Samsung Dynamic Lockscreen

CWE-285Improper AuthorizationCWE-863Incorrect Authorization3 documents3 sources
Severity
9.8CRITICALNVD
CNA5.3
EPSS
0.3%
top 49.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile DevicesSamsung Dynamic Lockscreen
Timeline
PublishedOct 7

Description

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_mobile_devicesR(11), S(12)SMR Oct-2022 Release 1

🔴Vulnerability Details

2
GHSA
GHSA-596x-3pr6-hffr: Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 32022-10-07
CVEList
CVE-2022-39862: Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 32022-10-07
CVE-2022-39862 — Improper Authorization in Samsung | cvebase