CVE-2022-39915

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 72.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung Calendar Samsung Calendar

Timeline

PublishedDec 8

Description

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/calendar< 11.6.08.0+3

▶CVEListV5samsung_mobile/samsung_calendarunspecified — 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13)

🔴Vulnerability Details

CVEList

CVE-2022-39915: Improper access control vulnerability in Calendar prior to versions 11↗2022-12-08

▶

GHSA

GHSA-c888-5r7v-37mw: Improper access control vulnerability in Calendar prior to versions 11↗2022-12-08

▶