CVE-2022-39877

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 59.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Group Sharing Samsung Group Sharing

Timeline

PublishedOct 7

Description

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/group_sharing< 13.0.6.15+1

▶CVEListV5samsung_mobile/group_sharingunspecified — 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below

🔴Vulnerability Details

CVEList

CVE-2022-39877: Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13↗2022-10-07

▶

GHSA

GHSA-3mj6-p6q9-4j76: Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13↗2022-10-07

▶