CVE-2023-21445 — Improper Access Control in Mobile THE Patch Adds Proper Access Control TO USE Explicit Intent

CWE-284 — Improper Access Control CWE-668 — Resource Exposure3 documents3 sources

Severity

7.8HIGHNVD

CNA5.5

EPSS

0.1%

top 83.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile THE Patch Adds Proper Access Control TO USE Explicit Intent Samsung Android

Timeline

PublishedFeb 9

Description

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5samsung_mobile/the_patch_adds_proper_access_control_to_use_explicit_intentunspecified — 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13)

▶NVDsamsung/android11.0, 12.0, 13.0+2

🔴Vulnerability Details

GHSA

GHSA-q22j-6g9r-wc97: Improper access control vulnerability in MyFiles prior to versions 12↗2023-02-09

▶

CVEList

CVE-2023-21445: Improper access control vulnerability in MyFiles prior to versions 12↗2023-02-09

▶