CVE-2023-21447

CWE-284 — Improper Access Control CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

3.3LOW

EPSS

0.1%

top 82.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung Cloud Samsung Cloud

Timeline

PublishedFeb 9

Description

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

▶NVDsamsung/cloud< 5.3.0.32

▶CVEListV5samsung_mobile/samsung_cloudunspecified — 5.3.0.32

🔴Vulnerability Details

CVEList

CVE-2023-21447: Improper access control vulnerabilities in Samsung Cloud prior to version 5↗2023-02-09

▶

GHSA

GHSA-4cgf-47r3-59wr: Improper access control vulnerabilities in Samsung Cloud prior to version 5↗2023-02-09

▶