CVE-2023-42540

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 69.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Account

Timeline

PublishedNov 7

Latest updateNov 14

Description

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages1 packages

▶NVDsamsung/account< 14.5.01.1

🔴Vulnerability Details

GHSA

GHSA-535j-5wpp-p7jm: Improper access control vulnerability in Samsung Account prior to version 14↗2023-11-14

▶

CVEList

CVE-2023-42540: Improper access control vulnerability in Samsung Account prior to version 14↗2023-11-07

▶