CVE-2023-21446Improper Input Validation in Mobile Myfiles

CWE-20Improper Input Validation3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.1%
top 82.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile MyfilesSamsung Android
Timeline
PublishedFeb 9

Description

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/android11.0, 12.0, 13.0+2
CVEListV5samsung_mobile/myfilesunspecified12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13)

🔴Vulnerability Details

2
CVEList
CVE-2023-21446: Improper input validation in MyFiles prior to version 122023-02-09
GHSA
GHSA-jqvq-vhfp-wgwr: Improper input validation in MyFiles prior to version 122023-02-09
CVE-2023-21446 — Improper Input Validation | cvebase